webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-23 01:12:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

drop httpscert and merge to apache initskript

Browse Source 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This commit is contained in:
Arne Fitzenreiter
2017-10-22 15:50:38 +02:00
parent 0d6b6a219f
commit 9064ba72fe
6 changed files with 53 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
src/scripts/httpscert
View File

@@ -1,61 +0,0 @@
#!/bin/sh
#
# new : generate new certificate
# read: read issuer in certificate and verify if it is the same as hostname
# See how we were called.
case "$1" in
new)
if [ ! -f /etc/httpd/server.key ]; then
echo "Generating HTTPS RSA server key."
/usr/bin/openssl genrsa -out /etc/httpd/server.key 4096
fi
if [ ! -f /etc/httpd/server-ecdsa.key ]; then
echo "Generating HTTPS ECDSA server key."
/usr/bin/openssl ecparam -genkey -name secp384r1 | openssl ec -out /etc/httpd/server-ecdsa.key
fi
echo "Generating CSRs"
if [ ! -f /etc/httpd/server.csr ]; then
/bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
req -new -key /etc/httpd/server.key -out /etc/httpd/server.csr
fi
if [ ! -f /etc/httpd/server-ecdsa.csr ]; then
/bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
req -new -key /etc/httpd/server-ecdsa.key -out /etc/httpd/server-ecdsa.csr
fi
echo "Signing certificates"
if [ ! -f /etc/httpd/server.crt ]; then
/usr/bin/openssl x509 -req -days 999999 -sha256 -in \
/etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
/etc/httpd/server.crt
fi
if [ ! -f /etc/httpd/server-ecdsa.crt ]; then
/usr/bin/openssl x509 -req -days 999999 -sha256 -in \
/etc/httpd/server-ecdsa.csr -signkey /etc/httpd/server-ecdsa.key -out \
/etc/httpd/server-ecdsa.crt
fi
;;
read)
if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then
ISSUER=`openssl x509 -in /etc/httpd/server.crt -text -noout | grep Issuer | /usr/bin/cut -f2 -d '='`
HOSTNAME=`/bin/hostname -f`
if [ "$ISSUER" != "$HOSTNAME" ]; then
echo "Certificate issuer '$ISSUER' is not the same as the hostname '$HOSTNAME'"
echo "Probably host or domain name has been changed in setup"
echo "You could remake server certificate with '/usr/local/bin/httpscert new'"
exit 1
else
echo "https certificate issuer match $HOSTNAME"
fi
else
echo "Certificate not found"
exit 1
fi
;;
*)
/bin/echo "Usage: $0 {read|new}"
exit 1
;;
esac