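#!/bin/sh
#
# This is a temporary script to generate a self-signed certificate for the
# openLDAP service.
#
# It creates an RSA key (server.key) and a certificate signed with that same
# key (server.pem) in LDAPCERTDIR, each only when the file is missing.
#
# Notes for operators:
#  - "openssl req" is called without -subj or -batch, so it normally asks for
#    the certificate subject on the terminal.
#  - The certificate is valid for 365 days. Because it is only created when
#    server.pem is missing, this script never renews an expired certificate.
#  - A self-signed certificate is not anchored in any CA; LDAP clients can
#    only verify the server if they are configured to trust this certificate.
#

# Stop at the first failing command or unset variable instead of carrying on
# with a missing or half-written key or certificate.
set -eu

# Create new files owner-only from the start. Otherwise the private key could
# be readable by other users between its creation and the chmod below,
# depending on the umask the script was started with.
umask 077

LDAPCERTDIR=/etc/openldap/certs

# Check if a server key already exists.
if [ ! -f "$LDAPCERTDIR/server.key" ]; then
    echo "Generating openLDAP server key."
    # Remove a partial key on failure so that the next run generates a fresh
    # one rather than skipping this step because the file exists.
    openssl genrsa -out "$LDAPCERTDIR/server.key" 2048 || {
        rm -f -- "$LDAPCERTDIR/server.key"
        exit 1
    }

    # Fix ownership and permissions.
    chown ldap:ldap "$LDAPCERTDIR/server.key"
    chmod 0600 "$LDAPCERTDIR/server.key"
fi

# Check if the certificate already exists.
if [ ! -f "$LDAPCERTDIR/server.pem" ]; then
    echo "Generating CSR"
    # -sha256 is given explicitly so the signature digest does not depend on
    # the default of the installed OpenSSL.
    openssl req -new -sha256 -key "$LDAPCERTDIR/server.key" \
        -out "$LDAPCERTDIR/server.csr" || {
        rm -f -- "$LDAPCERTDIR/server.csr"
        exit 1
    }

    echo "Signing certificate"
    # On failure, remove both files: a leftover server.pem would make the
    # next run skip certificate generation.
    openssl x509 -req -sha256 -days 365 \
        -in "$LDAPCERTDIR/server.csr" \
        -signkey "$LDAPCERTDIR/server.key" \
        -out "$LDAPCERTDIR/server.pem" || {
        rm -f -- "$LDAPCERTDIR/server.csr" "$LDAPCERTDIR/server.pem"
        exit 1
    }

    # Remove unneeded csr file (a plain file, so no recursive delete).
    rm -vf -- "$LDAPCERTDIR/server.csr"

    # Fix ownership and file permissions.
    chown ldap:ldap "$LDAPCERTDIR/server.pem"
    chmod 0600 "$LDAPCERTDIR/server.pem"
fi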