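#!/bin/sh
#
# httpscert — manage the self-signed certificate of the local https server.
#
#   new : generate an RSA key (only if none exists yet), a CSR and a
#         self-signed certificate under /etc/httpd/
#   read: read the issuer CN of the installed certificate and check that it
#         equals the fully qualified hostname
#
# Exit status: 0 on success; 1 on issuer/hostname mismatch, missing files,
# failed openssl step or usage error.
# Must run as root: it writes under /etc/httpd and /root.

# Fail on use of unset variables. "$1" is read through "${1-}" below so a
# missing argument still reaches the usage message instead of a shell error.
set -u

OPENSSL=/usr/bin/openssl
KEY=/etc/httpd/server.key
CSR=/etc/httpd/server.csr
CRT=/etc/httpd/server.crt
# Answers fed to the interactive DN prompts of "openssl req"; the token
# HOSTNAME in it is replaced by the machine's FQDN (presumably the CN).
CERTPARAMS=/etc/certparams
RNDFILE=/root/.rnd
# RSA modulus size. 1024-bit RSA has been deprecated since 2013 and is
# refused by current TLS clients at their default security level; 2048 is
# the smallest size accepted today.
KEY_BITS=2048

#######################################
# Print the CN of the issuer DN of a PEM certificate.
# Arguments: $1 - certificate file
# Outputs:   issuer CN on stdout, nothing if no CN could be parsed
#######################################
cert_issuer_cn() {
    # "-issuer -nameopt RFC2253" prints exactly one line in the form
    # "issuer=CN=host" with no spaces around '=' (newer OpenSSL inserts
    # "CN = host" in -text output, and a bare grep for "Issuer" there can also
    # hit an Issuer Alternative Name extension).  The sed keeps only the CN
    # value so a DN with several RDNs still compares correctly.
    "$OPENSSL" x509 -in "$1" -noout -issuer -nameopt RFC2253 \
        | sed -n 's/^issuer=.*CN=\([^,]*\).*$/\1/p'
}

# See how we were called.
case "${1-}" in
    new)
        FQDN=$(/bin/hostname -f)
        if [ -z "$FQDN" ]; then
            echo "Cannot determine the fully qualified hostname" >&2
            exit 1
        fi
        if [ ! -r "$CERTPARAMS" ]; then
            echo "Cannot read $CERTPARAMS" >&2
            exit 1
        fi

        # Temporary seed file for OpenSSL's PRNG; the trap removes it on every
        # exit path, including a failed openssl step.
        RANDFILE=$RNDFILE
        export RANDFILE
        trap 'rm -f "$RNDFILE"' EXIT

        if [ ! -f "$KEY" ]; then
            echo "Generating https server key."
            # The private key must not be readable by other users.  Recent
            # OpenSSL versions create it with mode 0600 themselves; older ones
            # rely on the umask, so restrict it for this step only.
            old_umask=$(umask)
            umask 077
            # Extra seed material passed to the PRNG.  The kernel image is
            # public, so this adds little beyond the system RNG; kept for
            # compatibility with the existing deployment.
            "$OPENSSL" genrsa -rand /boot/vmlinuz:CONFIG_ROOT/ethernet/settings \
                -out "$KEY" "$KEY_BITS" || exit 1
            umask "$old_umask"
        fi

        echo "Generating CSR"
        # Pipeline status is that of "openssl req" (POSIX sh has no pipefail);
        # a failing sed would surface as a failed or empty CSR anyway.
        sed "s/HOSTNAME/$FQDN/" "$CERTPARAMS" \
            | "$OPENSSL" req -new -key "$KEY" -out "$CSR" || exit 1

        echo "Signing certificate"
        # NOTE(review): 999999 days is effectively "never expires".  Public-CA
        # lifetime limits do not apply to a self-signed certificate, but
        # confirm the clients in use accept such a far-future notAfter.
        "$OPENSSL" x509 -req -days 999999 -in "$CSR" -signkey "$KEY" \
            -out "$CRT" || exit 1

        # Stop exporting the seed file location; "export -n" is a bashism and
        # fails under a POSIX /bin/sh such as dash, so unset it instead.
        unset RANDFILE
        ;;
    read)
        if [ -f "$KEY" ] && [ -f "$CRT" ] && [ -f "$CSR" ]; then
            ISSUER=$(cert_issuer_cn "$CRT")
            HOSTNAME=$(/bin/hostname -f)
            # An unparsable issuer must not silently "match" an empty hostname.
            if [ -z "$ISSUER" ]; then
                echo "Could not read the issuer CN from $CRT" >&2
                exit 1
            fi
            if [ "$ISSUER" != "$HOSTNAME" ]; then
                echo "Certificate issuer '$ISSUER' is not the same as the hostname '$HOSTNAME'"
                echo "Probably host or domain name has been changed in setup"
                echo "You could remake server certificate with '/usr/local/bin/httpscert new'"
                exit 1
            else
                echo "https certificate issuer match $HOSTNAME"
            fi
        else
            echo "Certificate not found"
            exit 1
        fi
        ;;
    *)
        /bin/echo "Usage: $0 {read|new}"
        exit 1
        ;;
esac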