usr/local/bin/consort.sh
usr/local/bin/convert-ovpn
usr/local/bin/hddshutdown
-usr/local/bin/httpscert
usr/local/bin/makegraphs
usr/local/bin/qosd
usr/local/bin/readhash
usr/local/bin/consort.sh
usr/local/bin/convert-ovpn
usr/local/bin/hddshutdown
-usr/local/bin/httpscert
usr/local/bin/makegraphs
usr/local/bin/qosd
usr/local/bin/readhash
etc/httpd/conf/vhosts.d/captive.conf
etc/httpd/conf/vhosts.d/ipfire-interface.conf
etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
+etc/rc.d/init.d/apache
etc/rc.d/init.d/firewall
srv/web/ipfire/cgi-bin/captive/index.cgi
srv/web/ipfire/cgi-bin/captive/logo.cgi
usr/bin/captive-cleanup
usr/local/bin/backupiso
usr/local/bin/captivectrl
-usr/local/bin/httpscert
usr/local/bin/wirelessctrl
var/ipfire/backup/include
var/ipfire/captive
# Stop services
openvpnctrl -k
openvpnctrl -kn2n
-
+/etc/rc.d/init.d/apache stop
# Extract files
extract_files
# Remove files
rm -vf \
+ /usr/local/bin/httpscert \
/srv/web/ipfire/html/dial.cgi
# update linker config
# Update Language cache
/usr/local/bin/update-lang-cache
-# generate ECDSA key on existing installations to prevent Apache from crashing
-/usr/local/bin/httpscert new
-
# Start services
-/etc/rc.d/init.d/apache2 restart
+/etc/rc.d/init.d/apache2 start
openvpnctrl -s
openvpnctrl -sn2n
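Review bot: Apache is stopped in the earlier hunk with `/etc/rc.d/init.d/apache stop` but started here with `/etc/rc.d/init.d/apache2 start`, and the file list of this update ships only `etc/rc.d/init.d/apache`. If `apache2` is not present on the updated system, the web interface stays down after the update, and the certificate generation that this commit moves into the init script's `start` branch never runs. Unless the old name is intentional, the line should read `/etc/rc.d/init.d/apache start`.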
. /etc/sysconfig/rc
. $rc_functions
+generate_certificates() {
+ if [ ! -f "/etc/httpd/server.key" ]; then
+ boot_mesg "Generating HTTPS RSA server key (this will take a moment)..."
+ openssl genrsa -out /etc/httpd/server.key 4096 &>/dev/null
+ evaluate_retval
+ fi
+
+ if [ ! -f "/etc/httpd/server-ecdsa.key" ]; then
+ boot_mesg "Generating HTTPS ECDSA server key..."
+ openssl ecparam -genkey -name secp384r1 -noout \
+ -out /etc/httpd/server-ecdsa.key &>/dev/null
+ evaluate_retval
+ fi
+
+ # Generate RSA CSR
+ if [ ! -f "/etc/httpd/server.csr" ]; then
+ sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \
+ openssl req -new -key /etc/httpd/server.key \
+ -out /etc/httpd/server.csr &>/dev/null
+ fi
+
+ # Generate ECDSA CSR
+ if [ ! -f "/etc/httpd/server-ecdsa.csr" ]; then
+ sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \
+ openssl req -new -key /etc/httpd/server-ecdsa.key \
+ -out /etc/httpd/server-ecdsa.csr &>/dev/null
+ fi
+
+ if [ ! -f "/etc/httpd/server.crt" ]; then
+ boot_mesg "Signing RSA certificate..."
+ openssl x509 -req -days 999999 -sha256 \
+ -in /etc/httpd/server.csr \
+ -signkey /etc/httpd/server.key \
+ -out /etc/httpd/server.crt &>/dev/null
+ evaluate_retval
+ fi
+
+ if [ ! -f "/etc/httpd/server-ecdsa.crt" ]; then
+ boot_mesg "Signing ECDSA certificate..."
+ openssl x509 -req -days 999999 -sha256 \
+ -in /etc/httpd/server-ecdsa.csr \
+ -signkey /etc/httpd/server-ecdsa.key \
+ -out /etc/httpd/server-ecdsa.crt &>/dev/null
+ evaluate_retval
+ fi
+}
+
case "$1" in
start)
- if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then
- /usr/local/bin/httpscert read >/dev/null 2>&1
- else
- boot_mesg "Generating HTTPS host certificate (may take a couple of minutes)..."
- /usr/local/bin/httpscert new >/dev/null 2>&1
- evaluate_retval
-
- # Make sure that the key is written to disk.
- sync
- fi
+ # Generate all required certificates
+ generate_certificates
+
boot_mesg "Starting Apache daemon..."
/usr/sbin/apachectl -k start
evaluate_retval
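Review bot: Every guard in `generate_certificates` tests `[ ! -f … ]`, so an empty or truncated key, CSR or certificate left by a failed or interrupted first boot counts as present and is never regenerated; the `sync` that the old start branch ran after key generation is dropped as well. Testing for a non-empty file, e.g. `if [ ! -s "/etc/httpd/server.key" ]; then`, and keeping a `sync` after the call would let a later boot retry. The two CSR steps also have no `evaluate_retval`, and with all OpenSSL output sent to `/dev/null` a failure there only shows up as a failed signing step. Separately, the mode of the private key files is left to the boot-time umask and OpenSSL defaults; a `umask 077` at the top of the function, or a `chmod 600` on both `.key` files, would make it explicit. The `start)` branch continues past the end of the hunk.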
+++ /dev/null
-#!/bin/sh
-#
-# new : generate new certificate
-# read: read issuer in certificate and verify if it is the same as hostname
-
-# See how we were called.
-case "$1" in
- new)
- if [ ! -f /etc/httpd/server.key ]; then
- echo "Generating HTTPS RSA server key."
- /usr/bin/openssl genrsa -out /etc/httpd/server.key 4096
- fi
- if [ ! -f /etc/httpd/server-ecdsa.key ]; then
- echo "Generating HTTPS ECDSA server key."
- /usr/bin/openssl ecparam -genkey -name secp384r1 | openssl ec -out /etc/httpd/server-ecdsa.key
- fi
-
- echo "Generating CSRs"
- if [ ! -f /etc/httpd/server.csr ]; then
- /bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
- req -new -key /etc/httpd/server.key -out /etc/httpd/server.csr
- fi
- if [ ! -f /etc/httpd/server-ecdsa.csr ]; then
- /bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
- req -new -key /etc/httpd/server-ecdsa.key -out /etc/httpd/server-ecdsa.csr
- fi
-
- echo "Signing certificates"
- if [ ! -f /etc/httpd/server.crt ]; then
- /usr/bin/openssl x509 -req -days 999999 -sha256 -in \
- /etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
- /etc/httpd/server.crt
- fi
- if [ ! -f /etc/httpd/server-ecdsa.crt ]; then
- /usr/bin/openssl x509 -req -days 999999 -sha256 -in \
- /etc/httpd/server-ecdsa.csr -signkey /etc/httpd/server-ecdsa.key -out \
- /etc/httpd/server-ecdsa.crt
- fi
- ;;
- read)
- if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then
- ISSUER=`openssl x509 -in /etc/httpd/server.crt -text -noout | grep Issuer | /usr/bin/cut -f2 -d '='`
- HOSTNAME=`/bin/hostname -f`
- if [ "$ISSUER" != "$HOSTNAME" ]; then
- echo "Certificate issuer '$ISSUER' is not the same as the hostname '$HOSTNAME'"
- echo "Probably host or domain name has been changed in setup"
- echo "You could remake server certificate with '/usr/local/bin/httpscert new'"
- exit 1
- else
- echo "https certificate issuer match $HOSTNAME"
- fi
- else
- echo "Certificate not found"
- exit 1
- fi
- ;;
- *)
- /bin/echo "Usage: $0 {read|new}"
- exit 1
- ;;
-esac