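#!/bin/sh
#
# $Id: httpscert,v 1.1.2.2 2005/12/15 21:59:57 eoberlander Exp $
#
# Manage the self-signed certificate used by the local https server.
#
#   new : generate the server key (only if missing), a CSR and a
#         self-signed certificate for the current fully qualified hostname
#   read: read the issuer of the existing certificate and verify that it
#         is the same as the current fully qualified hostname
#
# Files:
#   /etc/httpd/server.key  RSA private key
#   /etc/httpd/server.csr  certificate request
#   /etc/httpd/server.crt  self-signed certificate
#   /etc/certparams        'openssl req' answer template; the literal token
#                          HOSTNAME is replaced by the FQDN before use
#
# Tunables (environment):
#   HTTPSCERT_BITS  RSA modulus size in bits (default 2048; the old 1024
#                   is no longer considered adequate)
#   HTTPSCERT_DAYS  certificate lifetime in days (default 999999, kept for
#                   backward compatibility; NOTE(review): such long-lived
#                   certificates are rejected by some modern clients)
#
# Exit status: 0 on success / issuer match, 1 on any failure or mismatch.

KEY=/etc/httpd/server.key
CSR=/etc/httpd/server.csr
CRT=/etc/httpd/server.crt
PARAMS=/etc/certparams
RNDTMP=/root/.rnd
BITS=${HTTPSCERT_BITS:-2048}
DAYS=${HTTPSCERT_DAYS:-999999}

# Remove the temporary openssl seed file; runs on every exit path of 'new'.
cleanup_rnd() {
  unset RANDFILE
  rm -f "$RNDTMP"
}

# See how we were called.
case "$1" in
  new)
    FQDN=$(hostname -f)
    # An empty hostname would produce a certificate with an empty CN, and
    # the FQDN is interpolated into a sed expression below, so only accept
    # the characters a valid hostname may contain.
    case "$FQDN" in
      '' | *[!A-Za-z0-9.-]*)
        echo "Cannot determine a valid fully qualified hostname ('$FQDN')" >&2
        exit 1
        ;;
    esac
    # set temporary random file (removed again by cleanup_rnd on exit)
    RANDFILE=$RNDTMP
    export RANDFILE
    trap cleanup_rnd EXIT
    if [ ! -f "$KEY" ]; then
      echo "Generating https server key."
      # NOTE: the -rand inputs are public/predictable files and add little
      # real entropy; they are kept only for compatibility with the original
      # setup (CONFIG_ROOT is expected to be substituted at build time).
      /usr/bin/openssl genrsa -rand \
        /boot/vmlinuz:CONFIG_ROOT/ethernet/settings -out \
        "$KEY" "$BITS" || { echo "Key generation failed" >&2; exit 1; }
      # The private key must never be world readable.
      chmod 600 "$KEY" || exit 1
    fi
    echo "Generating CSR"
    sed "s/HOSTNAME/$FQDN/" "$PARAMS" | /usr/bin/openssl \
      req -new -key "$KEY" -out "$CSR" \
      || { echo "CSR generation failed" >&2; exit 1; }
    echo "Signing certificate"
    /usr/bin/openssl x509 -req -days "$DAYS" -in \
      "$CSR" -signkey "$KEY" -out "$CRT" \
      || { echo "Certificate signing failed" >&2; exit 1; }
    # unset and remove random file ('export -n' is a bashism; this is sh)
    cleanup_rnd
    trap - EXIT
    ;;
  read)
    if [ -f "$KEY" ] && [ -f "$CRT" ] && [ -f "$CSR" ]; then
      # Take the text after '=' on the first "Issuer:" line. Older OpenSSL
      # prints "Issuer: CN=host", newer prints "Issuer: CN = host", so trim
      # surrounding whitespace before comparing with the hostname.
      ISSUER=$(openssl x509 -in "$CRT" -text -noout \
        | grep '^[[:space:]]*Issuer:' | head -n 1 | cut -f2 -d '=' \
        | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
      HOSTNAME=$(/bin/hostname -f)
      if [ "$ISSUER" != "$HOSTNAME" ]; then
        echo "Certificate issuer '$ISSUER' is not the same as the hostname '$HOSTNAME'"
        echo "Probably host or domain name has been changed in setup"
        echo "You could remake server certificate with '/usr/local/bin/httpscert new'"
        exit 1
      else
        echo "https certificate issuer match $HOSTNAME"
      fi
    else
      echo "Certificate not found"
      exit 1
    fi
    ;;
  *)
    /bin/echo "Usage: $0 {read|new}"
    exit 1
    ;;
esac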