]> git.ipfire.org Git - ipfire-2.x.git/blobdiff - src/scripts/httpscert
projects / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
drop httpscert and merge to apache initskript
[ipfire-2.x.git] / src / scripts / httpscert
diff --git a/src/scripts/httpscert b/src/scripts/httpscert
deleted file mode 100644 (file)
index cae39fb..0000000
--- a/src/scripts/httpscert
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/bin/sh
-#
-# new : generate new certificate
-# read: read issuer in certificate and verify if it is the same as hostname
-
-# See how we were called.
-case "$1" in
-  new)
-       if [ ! -f /etc/httpd/server.key ]; then
-               echo "Generating HTTPS RSA server key."
-               /usr/bin/openssl genrsa -out /etc/httpd/server.key 4096
-       fi
-       if [ ! -f /etc/httpd/server-ecdsa.key ]; then
-               echo "Generating HTTPS ECDSA server key."
-               /usr/bin/openssl ecparam -genkey -name secp384r1 | openssl ec -out /etc/httpd/server-ecdsa.key
-       fi
-
-       echo "Generating CSRs"
-       if [ ! -f /etc/httpd/server.csr ]; then
-               /bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
-                       req -new -key /etc/httpd/server.key -out /etc/httpd/server.csr
-       fi
-       if [ ! -f /etc/httpd/server-ecdsa.csr ]; then
-               /bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
-                       req -new -key /etc/httpd/server-ecdsa.key -out /etc/httpd/server-ecdsa.csr
-       fi
-
-       echo "Signing certificates"
-       if [ ! -f /etc/httpd/server.crt ]; then
-               /usr/bin/openssl x509 -req -days 999999 -sha256 -in \
-                       /etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
-                       /etc/httpd/server.crt
-       fi
-       if [ ! -f /etc/httpd/server-ecdsa.crt ]; then
-               /usr/bin/openssl x509 -req -days 999999 -sha256 -in \
-                       /etc/httpd/server-ecdsa.csr -signkey /etc/httpd/server-ecdsa.key -out \
-                       /etc/httpd/server-ecdsa.crt
-       fi
-       ;;
-  read)
-       if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then
-               ISSUER=`openssl x509 -in /etc/httpd/server.crt -text -noout | grep Issuer | /usr/bin/cut -f2 -d '='`
-               HOSTNAME=`/bin/hostname -f`
-               if [ "$ISSUER" != "$HOSTNAME" ]; then
-                       echo "Certificate issuer '$ISSUER' is not the same as the hostname '$HOSTNAME'"
-                       echo "Probably host or domain name has been changed in setup"
-                       echo "You could remake server certificate with '/usr/local/bin/httpscert new'"
-                       exit 1
-               else
-                       echo "https certificate issuer match $HOSTNAME"
-               fi
-       else
-               echo "Certificate not found"
-               exit 1
-       fi
-       ;;
-  *)
-       /bin/echo "Usage: $0 {read|new}"
-       exit 1
-       ;;
-esac
IPFire 2.x development tree