- echo "Generating CSR"
- /bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
- req -new -key /etc/httpd/server.key -out /etc/httpd/server.csr
- echo "Signing certificate"
- /usr/bin/openssl x509 -req -days 999999 -sha256 -in \
- /etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
- /etc/httpd/server.crt
- ;;
+ if [ ! -f /etc/httpd/server-ecdsa.key ]; then
+ echo "Generating HTTPS ECDSA server key."
+ /usr/bin/openssl ecparam -genkey -name secp384r1 | openssl ec -out /etc/httpd/server-ecdsa.key
+ fi
+
+ echo "Generating CSRs"
+ if [ ! -f /etc/httpd/server.csr ]; then
+ /bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
+ req -new -key /etc/httpd/server.key -out /etc/httpd/server.csr
+ fi
+ if [ ! -f /etc/httpd/server-ecdsa.csr ]; then
+ /bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
+ req -new -key /etc/httpd/server-ecdsa.key -out /etc/httpd/server-ecdsa.csr
+ fi
+
+ echo "Signing certificates"
+ if [ ! -f /etc/httpd/server.crt ]; then
+ /usr/bin/openssl x509 -req -days 999999 -sha256 -in \
+ /etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
+ /etc/httpd/server.crt
+ fi
+ if [ ! -f /etc/httpd/server-ecdsa.crt ]; then
+ /usr/bin/openssl x509 -req -days 999999 -sha256 -in \
+ /etc/httpd/server-ecdsa.csr -signkey /etc/httpd/server-ecdsa.key -out \
+ /etc/httpd/server-ecdsa.crt
+ fi
+ ;;