git.ipfire.org Git - people/amarx/ipfire-3.x.git/blob - openldap/ldapcert.sh
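# This is a temporary script to generate a self-signed certificate for the
# openLDAP service.
#
# It creates, only when they are missing, a 2048 bit RSA key (server.key)
# and a certificate signed with that same key (server.pem) in $LDAPCERTDIR.
# Both files end up owned by ldap:ldap with mode 0600.
#
# Exit status: 0 on success, 1 as soon as a generation or permission step
# fails.
#
# NOTE(review): the certificate is valid for 365 days and is only created
# when server.pem is absent, so nothing here renews it after it expires.
# NOTE(review): the signature digest is left to the OpenSSL default; confirm
# that the OpenSSL version on the target system defaults to SHA-256.
# NOTE(review): the closing "fi" lines were not visible in the listing this
# was reviewed from; the two checks are assumed to be independent blocks.

LDAPCERTDIR=/etc/openldap/certs

# Create every file with owner-only permissions from the start, so that the
# private key is never readable by other users in the window between its
# creation and the chmod below.
umask 077

# Check if a server key already exists.
if [ ! -f "$LDAPCERTDIR/server.key" ]; then
	echo "Generating openLDAP server key."
	if ! openssl genrsa -out "$LDAPCERTDIR/server.key" 2048; then
		# A partial key file would make the next run skip key generation.
		rm -f -- "$LDAPCERTDIR/server.key"
		echo "Failed to generate openLDAP server key." >&2
		exit 1
	fi

	# Fix ownership and permissions.
	if ! chown ldap:ldap "$LDAPCERTDIR/server.key" ||
		! chmod 0600 "$LDAPCERTDIR/server.key"; then
		echo "Failed to set ownership or permissions on server.key." >&2
		exit 1
	fi
fi

# Check if the certificate already exists.
if [ ! -f "$LDAPCERTDIR/server.pem" ]; then
	if ! openssl req -new -key "$LDAPCERTDIR/server.key" \
		-out "$LDAPCERTDIR/server.csr"; then
		rm -f -- "$LDAPCERTDIR/server.csr"
		echo "Failed to create certificate signing request." >&2
		exit 1
	fi

	echo "Signing certificate"
	if ! openssl x509 -req -days 365 -in \
		"$LDAPCERTDIR/server.csr" -signkey "$LDAPCERTDIR/server.key" \
		-out "$LDAPCERTDIR/server.pem"; then
		# A partial certificate would make the next run skip signing.
		rm -f -- "$LDAPCERTDIR/server.csr" "$LDAPCERTDIR/server.pem"
		echo "Failed to sign certificate." >&2
		exit 1
	fi

	# Remove unneeded csr file. It is a single regular file, so no -r.
	rm -vf -- "$LDAPCERTDIR/server.csr"

	# Fix ownership and file permissions.
	if ! chown ldap:ldap "$LDAPCERTDIR/server.pem" ||
		! chmod 0600 "$LDAPCERTDIR/server.pem"; then
		echo "Failed to set ownership or permissions on server.pem." >&2
		exit 1
	fi
fi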