25,24 → 25,15 |
nb_args=$# |
arg1=$1 |
|
function defaultNdd() |
{ |
$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf |
$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf |
/usr/local/bin/alcasar-conf.sh --apply |
} |
|
function defaultCert() |
{ |
mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt |
mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key |
if [ -f $DIR_CERT/certs/server-chain.crt.old ] |
if [ -f $DIR_CERT/certs/server-chain.pem.old ] |
then |
mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt |
mv $DIR_CERT/certs/server-chain.pem.old $DIR_CERT/certs/server-chain.pem |
fi |
|
(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem |
|
chown root:apache $DIR_CERT/private/alcasar.pem |
chmod 750 $DIR_CERT/private/alcasar.pem |
} |
49,8 → 40,7 |
|
function domainName() # change the domain name in the conf files |
{ |
fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p' | cut -d'/' -f 1) |
|
fqdn=$(openssl x509 -noout -subject -nameopt multiline -in $DIR_CERT/certs/alcasar.crt | grep commonName|cut -d"=" -f2|tr -d ' ') |
#check if there is a wildcard in $fqdn |
if [[ $fqdn == *"*"* ]]; |
then |
61,12 → 51,11 |
fi |
domain=$(echo $fqdn | cut -d'.' -f2-) |
echo "fqdn=$fqdn hostname=$hostname domain=$domain" |
|
#check fqdn format |
if [[ "$fqdn" != "" && "$domain" != "" ]]; then |
$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf |
$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf |
/usr/local/bin/alcasar-conf.sh --apply |
# /usr/local/bin/alcasar-conf.sh --apply |
fi |
} |
|
82,31 → 71,26 |
echo "Backup of old private key (alcasar.key)" |
mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old |
fi |
|
cp $cert $DIR_CERT/certs/alcasar.crt |
cp $key $DIR_CERT/private/alcasar.key |
|
(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem |
|
chown root:apache $DIR_CERT/certs/alcasar.crt |
chown root:apache $DIR_CERT/private/alcasar.key |
chown root:apache $DIR_CERT/private/alcasar.pem |
|
chmod 750 $DIR_CERT/certs/alcasar.crt |
chmod 750 $DIR_CERT/private/alcasar.key |
chmod 750 $DIR_CERT/private/alcasar.pem |
|
if [ "$sc" != "" ] |
then |
echo "cert-chain exists" |
if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ] |
if [ ! -f "$DIR_CERT/certs/server-chain.pem.old" ] |
then |
echo "Backup of old cert-chain (server-chain.crt)" |
mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old |
echo "Backup of old cert-chain (server-chain.pem)" |
mv $DIR_CERT/certs/server-chain.pem $DIR_CERT/certs/server-chain.pem.old |
fi |
cp $sc $DIR_CERT/certs/server-chain.crt |
chown root:apache $DIR_CERT/certs/server-chain.crt |
chmod 750 $DIR_CERT/certs/server-chain.crt |
cp $sc $DIR_CERT/certs/server-chain.pem |
chown root:apache $DIR_CERT/certs/server-chain.pem |
chmod 750 $DIR_CERT/certs/server-chain.pem |
fi |
} |
|
164,7 → 148,7 |
echo "Server-chain certificate not found" |
exit 1 |
fi |
if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ] |
if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ] && [ ${sc: -4} != ".pem" ] |
then |
echo "Invalid server-chain certificate file" |
exit 1 |
171,12 → 155,8 |
fi |
echo "Importing certificate $cert with private key $key and server-chain $sc" |
fi |
domainName $cert |
certImport $cert $key $sc |
for services in chilli unbound unbound-blackhole unbound-blacklist unbound-whitelist dnsmasq-whitelist lighttpd |
do |
echo "restarting $services"; systemctl restart $services; sleep 1 |
done |
certImport |
domainName |
;; |
-d) |
if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ] |
183,11 → 163,8 |
then |
echo "Restoring default certificate" |
defaultCert |
defaultNdd |
for services in chilli unbound unbound-blackhole unbound-blacklist unbound-whitelist dnsmasq-whitelist lighttpd |
do |
echo "restarting $services"; systemctl restart $services; sleep 1 |
done |
domainName |
else echo "No default cert found" |
fi |
;; |
*) |
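Review bot: The `#check fqdn format` test in domainName only rejects empty strings, yet `$hostname` and `$domain` are derived from the certificate's commonName and pasted unescaped into the two `$SED "s/.../.../g"` expressions that rewrite /usr/local/etc/alcasar.conf. A CN containing `/` or `&`, or a subject with more than one commonName entry, could break the substitution or write an unintended value into the config. Tighten the condition to an allow-list, for example `if [[ "$hostname" =~ ^[A-Za-z0-9-]+$ && "$domain" =~ ^[A-Za-z0-9.-]+$ ]]; then`, and report the rejected value on stderr in an `else` branch. The assignment of `$hostname` and the body of the wildcard branch are in lines this page does not show, so confirm they cannot reintroduce other characters; it also looks as if this revision no longer runs `alcasar-conf.sh --apply` or restarts the services here, so check that the new values are applied somewhere else.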