]>
git.ipfire.org Git - ipfire-2.x.git/blob - src/scripts/httpscert
3 # new : generate new certificate
4 # read: read issuer in certificate and verify if it is the same as hostname
6 # See how we were called.
9 if [ ! -f /etc
/httpd
/server.key
]; then
10 echo "Generating HTTPS RSA server key."
11 /usr
/bin
/openssl genrsa
-out /etc
/httpd
/server.key
4096
13 if [ ! -f /etc
/httpd
/server-ecdsa.key
]; then
14 echo "Generating HTTPS ECDSA server key."
15 /usr
/bin
/openssl ecparam
-genkey -name secp384r1 | openssl ec
-out /etc
/httpd
/server-ecdsa.key
18 echo "Generating CSRs"
19 if [ ! -f /etc
/httpd
/server.csr
]; then
20 /bin
/cat /etc
/certparams |
sed "s/HOSTNAME/`hostname -f`/" |
/usr
/bin
/openssl \
21 req
-new -key /etc
/httpd
/server.key
-out /etc
/httpd
/server.csr
23 if [ ! -f /etc
/httpd
/server-ecdsa.csr
]; then
24 /bin
/cat /etc
/certparams |
sed "s/HOSTNAME/`hostname -f`/" |
/usr
/bin
/openssl \
25 req
-new -key /etc
/httpd
/server-ecdsa.key
-out /etc
/httpd
/server-ecdsa.csr
28 echo "Signing certificates"
29 if [ ! -f /etc
/httpd
/server.crt
]; then
30 /usr
/bin
/openssl x509
-req -days 999999 -sha256 -in \
31 /etc
/httpd
/server.csr
-signkey /etc
/httpd
/server.key
-out \
34 if [ ! -f /etc
/httpd
/server-ecdsa.crt
]; then
35 /usr
/bin
/openssl x509
-req -days 999999 -sha256 -in \
36 /etc
/httpd
/server-ecdsa.csr
-signkey /etc
/httpd
/server-ecdsa.key
-out \
37 /etc
/httpd
/server-ecdsa.crt
41 if [ -f /etc
/httpd
/server.key
-a -f /etc
/httpd
/server.crt
-a -f /etc
/httpd
/server.csr
]; then
42 ISSUER
=`openssl x509 -in /etc/httpd/server.crt -text -noout | grep Issuer | /usr/bin/cut -f2 -d '='`
43 HOSTNAME
=`/bin/hostname -f`
44 if [ "$ISSUER" != "$HOSTNAME" ]; then
45 echo "Certificate issuer '$ISSUER' is not the same as the hostname '$HOSTNAME'"
46 echo "Probably host or domain name has been changed in setup"
47 echo "You could remake server certificate with '/usr/local/bin/httpscert new'"
50 echo "https certificate issuer match $HOSTNAME"
53 echo "Certificate not found"
58 /bin
/echo "Usage: $0 {read|new}"