pakfire: use correct tree on x86_64.
[ipfire-2.x.git] / src / scripts / httpscert
1 #!/bin/sh
2 #
3 # new : generate new certificate
4 # read: read issuer in certificate and verify if it is the same as hostname
5
6 # See how we were called.
7 case "$1" in
8   new)
9         if [ ! -f /etc/httpd/server.key ]; then
10                 echo "Generating https server key."
11                 /usr/bin/openssl genrsa -out /etc/httpd/server.key 4096
12         fi
13         echo "Generating CSR"
14         /bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
15                 req -new -key /etc/httpd/server.key -out /etc/httpd/server.csr
16         echo "Signing certificate"
17         /usr/bin/openssl x509 -req -days 999999 -sha256 -in \
18                 /etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
19                 /etc/httpd/server.crt
20         ;;
21   read)
22         if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then
23                 ISSUER=`openssl x509 -in /etc/httpd/server.crt -text -noout | grep Issuer | /usr/bin/cut -f2 -d '='`
24                 HOSTNAME=`/bin/hostname -f`
25                 if [ "$ISSUER" != "$HOSTNAME" ]; then
26                         echo "Certificate issuer '$ISSUER' is not the same as the hostname '$HOSTNAME'"
27                         echo "Probably host or domain name has been changed in setup"
28                         echo "You could remake server certificate with '/usr/local/bin/httpscert new'"
29                         exit 1
30                 else
31                         echo "https certificate issuer match $HOSTNAME"
32                 fi
33         else
34                 echo "Certificate not found"
35                 exit 1
36         fi
37         ;;
38   *)
39         /bin/echo "Usage: $0 {read|new}"
40         exit 1
41         ;;
42 esac