]>
git.ipfire.org Git - people/teissler/ipfire-2.x.git/blob - src/scripts/httpscert
3 # $Id: httpscert,v 1.1.2.2 2005/12/15 21:59:57 eoberlander Exp $
4 # new : generate new certificate
5 # read: read issuer in certificate and verify if it is the same as hostname
7 # See how we were called.
10 # set temporary random file
11 export RANDFILE
=/root
/.rnd
12 if [ ! -f /etc
/httpd
/server.key
]; then
13 echo "Generating https server key."
14 /usr
/bin
/openssl genrsa
-rand \
15 /boot
/vmlinuz
:CONFIG_ROOT
/ethernet
/settings
-out \
16 /etc
/httpd
/server.key
1024
19 /bin
/cat /etc
/certparams |
sed "s/HOSTNAME/`hostname -f`/" |
/usr
/bin
/openssl \
20 req
-new -key /etc
/httpd
/server.key
-out /etc
/httpd
/server.csr
21 echo "Signing certificate"
22 /usr
/bin
/openssl x509
-req -days 999999 -in \
23 /etc
/httpd
/server.csr
-signkey /etc
/httpd
/server.key
-out \
25 # unset and remove random file
30 if [ -f /etc
/httpd
/server.key
-a -f /etc
/httpd
/server.crt
-a -f /etc
/httpd
/server.csr
]; then
31 ISSUER
=`openssl x509 -in /etc/httpd/server.crt -text -noout | grep Issuer | /usr/bin/cut -f2 -d '='`
32 HOSTNAME
=`/bin/hostname -f`
33 if [ "$ISSUER" != "$HOSTNAME" ]; then
34 echo "Certificate issuer '$ISSUER' is not the same as the hostname '$HOSTNAME'"
35 echo "Probably host or domain name has been changed in setup"
36 echo "You could remake server certificate with '/usr/local/bin/httpscert new'"
39 echo "https certificate issuer match $HOSTNAME"
42 echo "Certificate not found"
47 /bin
/echo "Usage: $0 {read|new}"