mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-10 02:55:55 +02:00
43 lines
1.3 KiB
Bash
43 lines
1.3 KiB
Bash
#!/bin/sh
|
|
#
|
|
# new : generate new certificate
|
|
# read: read issuer in certificate and verify if it is the same as hostname
|
|
|
|
# See how we were called.
|
|
case "$1" in
|
|
new)
|
|
if [ ! -f /etc/httpd/server.key ]; then
|
|
echo "Generating https server key."
|
|
/usr/bin/openssl genrsa -out /etc/httpd/server.key 4096
|
|
fi
|
|
echo "Generating CSR"
|
|
/bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
|
|
req -new -key /etc/httpd/server.key -out /etc/httpd/server.csr
|
|
echo "Signing certificate"
|
|
/usr/bin/openssl x509 -req -days 999999 -sha256 -in \
|
|
/etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
|
|
/etc/httpd/server.crt
|
|
;;
|
|
read)
|
|
if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then
|
|
ISSUER=`openssl x509 -in /etc/httpd/server.crt -text -noout | grep Issuer | /usr/bin/cut -f2 -d '='`
|
|
HOSTNAME=`/bin/hostname -f`
|
|
if [ "$ISSUER" != "$HOSTNAME" ]; then
|
|
echo "Certificate issuer '$ISSUER' is not the same as the hostname '$HOSTNAME'"
|
|
echo "Probably host or domain name has been changed in setup"
|
|
echo "You could remake server certificate with '/usr/local/bin/httpscert new'"
|
|
exit 1
|
|
else
|
|
echo "https certificate issuer match $HOSTNAME"
|
|
fi
|
|
else
|
|
echo "Certificate not found"
|
|
exit 1
|
|
fi
|
|
;;
|
|
*)
|
|
/bin/echo "Usage: $0 {read|new}"
|
|
exit 1
|
|
;;
|
|
esac
|