
Rev 2812 → Rev 2813

/scripts/alcasar-importcert.sh
25,24 → 25,15
nb_args=$#
arg1=$1
 
function defaultNdd()
{
$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf
$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf
/usr/local/bin/alcasar-conf.sh --apply
}
 
function defaultCert()
{
mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
if [ -f $DIR_CERT/certs/server-chain.crt.old ]
if [ -f $DIR_CERT/certs/server-chain.pem.old ]
then
mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt
mv $DIR_CERT/certs/server-chain.pem.old $DIR_CERT/certs/server-chain.pem
fi
(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem
 
chown root:apache $DIR_CERT/private/alcasar.pem
chmod 750 $DIR_CERT/private/alcasar.pem
}
49,8 → 40,7
 
function domainName() # change the domain name in the conf files
{
fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p' | cut -d'/' -f 1)
 
fqdn=$(openssl x509 -noout -subject -nameopt multiline -in $DIR_CERT/certs/alcasar.crt | grep commonName|cut -d"=" -f2|tr -d ' ')
#check if there is a wildcard in $fqdn
if [[ $fqdn == *"*"* ]];
then
61,12 → 51,11
fi
domain=$(echo $fqdn | cut -d'.' -f2-)
echo "fqdn=$fqdn hostname=$hostname domain=$domain"
 
#check fqdn format
if [[ "$fqdn" != "" && "$domain" != "" ]]; then
$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf
$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
/usr/local/bin/alcasar-conf.sh --apply
# /usr/local/bin/alcasar-conf.sh --apply
fi
}
 
82,31 → 71,26
echo "Backup of old private key (alcasar.key)"
mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
fi
 
cp $cert $DIR_CERT/certs/alcasar.crt
cp $key $DIR_CERT/private/alcasar.key
 
(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem
 
chown root:apache $DIR_CERT/certs/alcasar.crt
chown root:apache $DIR_CERT/private/alcasar.key
chown root:apache $DIR_CERT/private/alcasar.pem
 
chmod 750 $DIR_CERT/certs/alcasar.crt
chmod 750 $DIR_CERT/private/alcasar.key
chmod 750 $DIR_CERT/private/alcasar.pem
 
if [ "$sc" != "" ]
then
echo "cert-chain exists"
if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]
if [ ! -f "$DIR_CERT/certs/server-chain.pem.old" ]
then
echo "Backup of old cert-chain (server-chain.crt)"
mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old
echo "Backup of old cert-chain (server-chain.pem)"
mv $DIR_CERT/certs/server-chain.pem $DIR_CERT/certs/server-chain.pem.old
fi
cp $sc $DIR_CERT/certs/server-chain.crt
chown root:apache $DIR_CERT/certs/server-chain.crt
chmod 750 $DIR_CERT/certs/server-chain.crt
cp $sc $DIR_CERT/certs/server-chain.pem
chown root:apache $DIR_CERT/certs/server-chain.pem
chmod 750 $DIR_CERT/certs/server-chain.pem
fi
}
 
164,7 → 148,7
echo "Server-chain certificate not found"
exit 1
fi
if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ]
if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ] && [ ${sc: -4} != ".pem" ]
then
echo "Invalid server-chain certificate file"
exit 1
171,12 → 155,8
fi
echo "Importing certificate $cert with private key $key and server-chain $sc"
fi
domainName $cert
certImport $cert $key $sc
for services in chilli unbound unbound-blackhole unbound-blacklist unbound-whitelist dnsmasq-whitelist lighttpd
do
echo "restarting $services"; systemctl restart $services; sleep 1
done
certImport
domainName
;;
-d)
if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
183,11 → 163,8
then
echo "Restoring default certificate"
defaultCert
defaultNdd
for services in chilli unbound unbound-blackhole unbound-blacklist unbound-whitelist dnsmasq-whitelist lighttpd
do
echo "restarting $services"; systemctl restart $services; sleep 1
done
domainName
else echo "No default cert found"
fi
;;
*)
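Review bot: In domainName, the common name read from the imported certificate reaches `$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g"` and `$SED "s/^DOMAIN=.*/DOMAIN=$domain/g"` behind only a non-empty check, so a CN containing `/` or `&` would break the sed expression or write an unintended value into /usr/local/etc/alcasar.conf. The new `-nameopt multiline ... | grep commonName|cut -d"=" -f2|tr -d ' '` parse strips spaces only, whereas the parse it appears to replace ended in `cut -d'/' -f 1`. I would tighten the guard to `if [[ "$hostname" =~ ^[A-Za-z0-9-]+$ && "$domain" =~ ^[A-Za-z0-9.-]+$ ]]; then` and report an error when it fails, so that a certificate without a usable CN is not skipped silently. `hostname` is assigned in lines that fall between the hunks, so confirm the check sits after the wildcard handling.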