]>
git.ipfire.org Git - ipfire-2.x.git/blob - src/scripts/httpscert
3 # new : generate new certificate
4 # read: read issuer in certificate and verify if it is the same as hostname
6 # See how we were called.
9 if [ ! -f /etc
/httpd
/server.key
]; then
10 echo "Generating https server key."
11 /usr
/bin
/openssl genrsa
-out /etc
/httpd
/server.key
4096
14 /bin
/cat /etc
/certparams |
sed "s/HOSTNAME/`hostname -f`/" |
/usr
/bin
/openssl \
15 req
-new -key /etc
/httpd
/server.key
-out /etc
/httpd
/server.csr
16 echo "Signing certificate"
17 /usr
/bin
/openssl x509
-req -days 999999 -sha256 -in \
18 /etc
/httpd
/server.csr
-signkey /etc
/httpd
/server.key
-out \
22 if [ -f /etc
/httpd
/server.key
-a -f /etc
/httpd
/server.crt
-a -f /etc
/httpd
/server.csr
]; then
23 ISSUER
=`openssl x509 -in /etc/httpd/server.crt -text -noout | grep Issuer | /usr/bin/cut -f2 -d '='`
24 HOSTNAME
=`/bin/hostname -f`
25 if [ "$ISSUER" != "$HOSTNAME" ]; then
26 echo "Certificate issuer '$ISSUER' is not the same as the hostname '$HOSTNAME'"
27 echo "Probably host or domain name has been changed in setup"
28 echo "You could remake server certificate with '/usr/local/bin/httpscert new'"
31 echo "https certificate issuer match $HOSTNAME"
34 echo "Certificate not found"
39 /bin
/echo "Usage: $0 {read|new}"