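#!/bin/sh
#
# httpscert: manage the self-signed certificate used by the local httpd.
#
# new : generate new certificate (key, CSR and self-signed cert under /etc/httpd)
# read: read issuer in certificate and verify if it is the same as hostname
#
# Inputs:
#   /etc/certparams - fed to `openssl req` on stdin after the literal token
#                     HOSTNAME is replaced by `hostname -f`; since no -config
#                     or -batch is passed, it presumably holds the interactive
#                     prompt answers (subject fields) — confirm against the file.
#   CERT_DAYS       - optional environment override for the certificate
#                     validity in days; defaults to the historical 999999.
#                     Some TLS clients cap the validity period they accept;
#                     set a shorter value if the certificate is rejected.
#
# Exit status: 0 on success, 1 on any failure or usage error.

set -u

KEY=/etc/httpd/server.key
CSR=/etc/httpd/server.csr
CRT=/etc/httpd/server.crt
PARAMS=/etc/certparams
OPENSSL=/usr/bin/openssl
CERT_DAYS=${CERT_DAYS:-999999}

# Print a message on stderr and exit 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Generate key (if missing), CSR and self-signed certificate.
# Every openssl step is checked so a failed CSR cannot be silently
# re-signed from a stale file.
generate_new() {
  if [ ! -f "$KEY" ]; then
    echo "Generating https server key."
    # Subshell-scoped umask so the private key is never created readable by
    # other users, regardless of the caller's umask; the CSR and certificate
    # written below keep the caller's normal file mode.
    ( umask 077 && "$OPENSSL" genrsa -out "$KEY" 4096 ) || die "Key generation failed"
  fi
  [ -f "$PARAMS" ] || die "Certificate parameters file $PARAMS not found"
  fqdn=$(hostname -f) || die "Cannot determine the host name"
  echo "Generating CSR"
  # '|' is used as the sed delimiter so a '/' in the hostname cannot end the pattern.
  sed "s|HOSTNAME|$fqdn|" "$PARAMS" \
    | "$OPENSSL" req -new -key "$KEY" -out "$CSR" || die "CSR generation failed"
  echo "Signing certificate"
  "$OPENSSL" x509 -req -days "$CERT_DAYS" -sha256 -in "$CSR" \
    -signkey "$KEY" -out "$CRT" || die "Certificate signing failed"
}

# Compare the certificate issuer with the current FQDN; exit 1 on mismatch
# or when any of key/certificate/CSR is missing.
verify_issuer() {
  if [ -f "$KEY" ] && [ -f "$CRT" ] && [ -f "$CSR" ]; then
    # Takes the text after the first '=' on the "Issuer:" line, i.e. this
    # assumes the issuer DN is a bare CN=<hostname> — a multi-attribute
    # issuer (C=, O=, ...) would not compare equal; confirm against certparams.
    issuer=$("$OPENSSL" x509 -in "$CRT" -text -noout | grep Issuer | cut -f2 -d '=')
    fqdn=$(hostname -f) || die "Cannot determine the host name"
    if [ "$issuer" != "$fqdn" ]; then
      echo "Certificate issuer '$issuer' is not the same as the hostname '$fqdn'"
      echo "Probably host or domain name has been changed in setup"
      echo "You could remake server certificate with '/usr/local/bin/httpscert new'"
      exit 1
    else
      echo "https certificate issuer match $fqdn"
    fi
  else
    echo "Certificate not found"
    exit 1
  fi
}

# See how we were called.
main() {
  case "${1-}" in
    new)
      generate_new
      ;;
    read)
      verify_issuer
      ;;
    *)
      echo "Usage: $0 {read|new}" >&2
      exit 1
      ;;
  esac
}

main "$@"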