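#!/bin/sh
#
# httpscert - manage the self-signed HTTPS key/CSR/certificate files
#             (RSA and ECDSA) under /etc/httpd.
#
# new : generate new certificate
# read: read issuer in certificate and verify if it is the same as hostname
#
# Exit status: 0 on success; 1 on a failed generation step, an issuer
# mismatch, missing certificate files, or bad usage.

# Directory holding the key/CSR/certificate triplets.
cert_dir=/etc/httpd
# Answers fed to the 'openssl req' prompts; the literal token HOSTNAME in
# this file is replaced by the machine's FQDN.
certparams=/etc/certparams
# Validity of the self-signed certificates in days.  999999 days (~2738
# years) is the value this script has always used, i.e. effectively never
# expiring; shorten it if your policy requires periodic rotation.
cert_days=999999

# The FQDN is both what goes into the certificate (via certparams) and the
# reference value for 'read', so it is resolved once and reused.
fqdn=$(hostname -f)

# Print a fatal error on stderr and exit 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Generate a private key unless it already exists.
# $1 - key file, $2 - key type: "rsa" or "ecdsa".
# Key generation runs in a subshell with umask 077 so the private key is
# never created group/world-readable; CSRs and certificates below keep the
# caller's umask.  A failed generation is fatal instead of silently leaving
# the later CSR/sign steps to fail on a missing key.
gen_key() {
  [ -f "$1" ] && return 0
  case "$2" in
    rsa)
      echo "Generating HTTPS RSA server key."
      ( umask 077 && /usr/bin/openssl genrsa -out "$1" 4096 ) \
        || die "Failed to generate RSA key $1"
      ;;
    ecdsa)
      echo "Generating HTTPS ECDSA server key."
      ( umask 077 && /usr/bin/openssl ecparam -genkey -name secp384r1 \
          | /usr/bin/openssl ec -out "$1" ) \
        || die "Failed to generate ECDSA key $1"
      ;;
  esac
}

# Generate a certificate signing request unless it already exists.
# $1 - private key file, $2 - CSR file to create.
# certparams answers the interactive prompts of 'openssl req'; sed swaps the
# HOSTNAME placeholder for the FQDN.  Hostnames contain neither '/' nor '&',
# so the substitution needs no sed escaping.
gen_csr() {
  [ -f "$2" ] && return 0
  [ -f "$1" ] || die "Private key $1 not found; cannot create CSR $2"
  sed "s/HOSTNAME/$fqdn/" "$certparams" \
    | /usr/bin/openssl req -new -key "$1" -out "$2" \
    || die "Failed to create CSR $2"
}

# Self-sign a CSR into a certificate unless the certificate already exists.
# $1 - private key file, $2 - CSR file, $3 - certificate file to create.
sign_cert() {
  [ -f "$3" ] && return 0
  /usr/bin/openssl x509 -req -days "$cert_days" -sha256 \
    -in "$2" -signkey "$1" -out "$3" \
    || die "Failed to sign certificate $3"
}

# Print the CN of a certificate's issuer DN on stdout (empty if none).
# $1 - certificate file.
# '-issuer -nameopt RFC2253' gives one line like 'issuer=CN=host,O=org'
# regardless of OpenSSL version.  Grepping the '-text' dump for 'Issuer'
# was fragile: it also matches e.g. an 'Issuer Alternative Name' extension
# line, and newer OpenSSL prints 'CN = host' so a plain cut on '=' returned
# a value with a leading space that never equalled the hostname.
issuer_cn() {
  /usr/bin/openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 \
    | sed -n 's/.*[=,]CN=\([^,]*\).*/\1/p'
}

# 'read' mode: verify the RSA certificate's issuer CN equals the FQDN.
# Only the RSA triplet is checked, as in the original script; the ECDSA
# certificate is not inspected here.  Exits 1 on mismatch or missing files.
check_cert() {
  key=$cert_dir/server.key
  csr=$cert_dir/server.csr
  crt=$cert_dir/server.crt
  if [ -f "$key" ] && [ -f "$crt" ] && [ -f "$csr" ]; then
    issuer=$(issuer_cn "$crt")
    if [ "$issuer" != "$fqdn" ]; then
      echo "Certificate issuer '$issuer' is not the same as the hostname '$fqdn'"
      echo "Probably host or domain name has been changed in setup"
      echo "You could remake server certificate with '/usr/local/bin/httpscert new'"
      exit 1
    fi
    echo "https certificate issuer match $fqdn"
  else
    echo "Certificate not found"
    exit 1
  fi
}

# See how we were called.
case "${1-}" in
  new)
    [ -n "$fqdn" ] || die "Cannot determine the host's FQDN (hostname -f)"
    gen_key "$cert_dir/server.key" rsa
    gen_key "$cert_dir/server-ecdsa.key" ecdsa
    echo "Generating CSRs"
    gen_csr "$cert_dir/server.key" "$cert_dir/server.csr"
    gen_csr "$cert_dir/server-ecdsa.key" "$cert_dir/server-ecdsa.csr"
    echo "Signing certificates"
    sign_cert "$cert_dir/server.key" "$cert_dir/server.csr" \
      "$cert_dir/server.crt"
    sign_cert "$cert_dir/server-ecdsa.key" "$cert_dir/server-ecdsa.csr" \
      "$cert_dir/server-ecdsa.crt"
    ;;
  read)
    [ -n "$fqdn" ] || die "Cannot determine the host's FQDN (hostname -f)"
    check_cert
    ;;
  *)
    echo "Usage: $0 {read|new}"
    exit 1
    ;;
esac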