projects / people / ms / ipfire-3.x.git / blame
| Commit | Line | Data |
|---|---|---|
| f2dfd577 SS |
1 | #!/bin/sh |
| 2 | # | |
| 3 | # This is a temporary script to generate a self-signet certificate for the openLDAP service. | |
| 4 | # | |
| 5 | LDAPCERTDIR=/etc/openldap/certs | |
| 6 | ||
| 7 | # Check if a server key allready exists. | |
| 8 | if [ ! -f $LDAPCERTDIR/server.key ]; then | |
| 9 | echo "Generating openLDAP server key." | |
| 10 | openssl genrsa -out $LDAPCERTDIR/server.key 2048 | |
| 11 | ||
| 12 | # Fix ownership and permissions. | |
| 13 | chown ldap:ldap $LDAPCERTDIR/server.key | |
| 14 | chmod 0600 $LDAPCERTDIR/server.key | |
| 15 | fi | |
| 16 | ||
| 17 | # Check if the certificate allready exists. | |
| 18 | if [ ! -f $LDAPCERTDIR/server.pem ]; then | |
| 19 | echo "Generating CSR" | |
| 20 | openssl req -new -key $LDAPCERTDIR/server.key \ | |
| 21 | -out $LDAPCERTDIR/server.csr | |
| 22 | ||
| 23 | echo "Signing certificate" | |
| 24 | openssl x509 -req -days 365 -in \ | |
| 25 | $LDAPCERTDIR/server.csr -signkey $LDAPCERTDIR/server.key \ | |
| 26 | -out $LDAPCERTDIR/server.pem | |
| 27 | ||
| 28 | # Remove unneeded csr file. | |
| 29 | rm -rvf $LDAPCERTDIR/server.csr | |
| 30 | ||
| 31 | # Fix ownership and file permissions. | |
| 32 | chown ldap:ldap $LDAPCERTDIR/server.pem | |
| 33 | chmod 0600 $LDAPCERTDIR/server.pem | |
| 34 | fi |