WebSVN – ALCASAR – Diff – /scripts/alcasar-certificates.sh


#!/bin/sh
 
# Id: $Id$
 
# alcasar-certificates.sh
# by Franck BOUIJOUX and REXY
# This script is distributed under the Gnu General Public License (GPL)
 
# Script permettant
#	- d'exporter les certificats d'un serveur pour les transposer sur un autre.
 
# This script allows
#	- export certificates server to move them.
 
 
DIR_EXPORT="/root/Certificats"
DIR_PKI="/etc/pki"
DIR_SAVE="/root/PKI_SAVE"
DIR_IMPORT="/root/Certificats"
 
 
usage="Usage: alcasar-certificates.sh {--export or -x} | {--import or -i <FileOfCertificate.tar.gz>} "
 
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
	nb_args=1
	args="-h"
fi
 
 
NOW="$(date +%G%m%d-%Hh%M)"		# date et heure du moment
FILE="certificates-$NOW"
DIR_SAVE=$DIR_SAVE-$NOW
 
# Function of export
function certs_export() {
	#  Export of CA Certificate
	cd /root
	tar cvf $FILE.tar $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
 
	#  Export of server Certificate
	tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.pem}
	gzip $FILE.tar
	echo "Le fichier des certificats exportés est : $FILE.tar.gz"
} # end function export
 
 
function archive() {
	# Sauvegarde de la pki actuelle
	[ -d $DIR_SAVE ] || mkdir $DIR_SAVE
 
	#  Save of CA Certificate
	cd $DIR_PKI/CA/
	cp alcasar-ca.crt $DIR_SAVE/.
	cp private/alcasar-ca.key $DIR_SAVE/.
 
	#  Save of server Certificate
	cd $DIR_PKI/tls
	cp certs/alcasar.crt $DIR_SAVE/.
	cp private/alcasar.key $DIR_SAVE/.
	cp certs/server-chain.pem $DIR_SAVE/.
} # end function archive
 
function import() {
	echo "Would you like to Import New Certificates in ALCASAR ?"
	read response
	if [ $response = "y" ] || [ $response = "o" ] || [ $response = "Y" ] || [ $response = "O" ]
	then
		[ -d $DIR_IMPORT ] || mkdir $DIR_IMPORT
		rm -rf $DIR_IMPORT/*
 
		#  Import of CA Certificate
		tar xzvf $1 --directory=$DIR_IMPORT
 
		(cat $DIR_PKI/tls/private/alcasar.key; echo; cat $DIR_PKI/tls/certs/alcasar.crt) > $DIR_PKI/tls/private/alcasar.pem
 
		echo "Import new certificates in ALCASAR !!!"
		cp -r $DIR_IMPORT/* /.
		chown root:apache $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
		chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.pem}
 
		chmod 750 $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
		chmod 750 $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.pem}
 
		service lighttpd restart
	else
		echo "You are not import new certificates !!!"
		exit 0
	fi
} # end import
 
#  Core script
case $args in
	-\? | -h* | --h*)
		echo "$usage"
		exit 0
		;;
	--export | -x)	
		archive
		certs_export
		;;
	--import | -i)
		nb_args=$#
		if [ $nb_args -eq 1 ]
		then
			echo "Il faut passer un fichier de certificat en paramètre !!!"
			exit 0
		fi
		import $2
		;;
	*)
		echo "Unknown argument :$1";
		echo "$usage"
		exit 1
		;;
esac
exit 0
 
 

Rev 2554	Rev 2813
1	`#!/bin/sh`	1	`#!/bin/sh`
2		2
3	`# Id: $Id$`	3	`# Id: $Id$`
4		4
5	`# alcasar-certificates.sh`	5	`# alcasar-certificates.sh`
6	`# by Franck BOUIJOUX and REXY`	6	`# by Franck BOUIJOUX and REXY`
7	`# This script is distributed under the Gnu General Public License (GPL)`	7	`# This script is distributed under the Gnu General Public License (GPL)`
8		8
9	`# Script permettant`	9	`# Script permettant`
10	`# - d'exporter les certificats d'un serveur pour les transposer sur un autre.`	10	`# - d'exporter les certificats d'un serveur pour les transposer sur un autre.`
11		11
12	`# This script allows`	12	`# This script allows`
13	`# - export certificates server to move them.`	13	`# - export certificates server to move them.`
14		14
15		15
16	`DIR_EXPORT="/root/Certificats"`	16	`DIR_EXPORT="/root/Certificats"`
17	`DIR_PKI="/etc/pki"`	17	`DIR_PKI="/etc/pki"`
18	`DIR_SAVE="/root/PKI_SAVE"`	18	`DIR_SAVE="/root/PKI_SAVE"`
19	`DIR_IMPORT="/root/Certificats"`	19	`DIR_IMPORT="/root/Certificats"`
20		20
21		21
22	`usage="Usage: alcasar-certificates.sh {--export or -x} \| {--import or -i <FileOfCertificate.tar.gz>} "`	22	`usage="Usage: alcasar-certificates.sh {--export or -x} \| {--import or -i <FileOfCertificate.tar.gz>} "`
23		23
24	`nb_args=$#`	24	`nb_args=$#`
25	`args=$1`	25	`args=$1`
26	`if [ $nb_args -eq 0 ]`	26	`if [ $nb_args -eq 0 ]`
27	`then`	27	`then`
28	`nb_args=1`	28	`nb_args=1`
29	`args="-h"`	29	`args="-h"`
30	`fi`	30	`fi`
31		31
32		32
33	`NOW="$(date +%G%m%d-%Hh%M)" # date et heure du moment`	33	`NOW="$(date +%G%m%d-%Hh%M)" # date et heure du moment`
34	`FILE="certificates-$NOW"`	34	`FILE="certificates-$NOW"`
35	`DIR_SAVE=$DIR_SAVE-$NOW`	35	`DIR_SAVE=$DIR_SAVE-$NOW`
36		36
37	`# Function of export`	37	`# Function of export`
38	`function certs_export() {`	38	`function certs_export() {`
39	`# Export of CA Certificate`	39	`# Export of CA Certificate`
40	`cd /root`	40	`cd /root`
41	`tar cvf $FILE.tar $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}`	41	`tar cvf $FILE.tar $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}`
42		42
43	`# Export of server Certificate`	43	`# Export of server Certificate`
44	`tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt}`	44	`tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.pem}`
45	`gzip $FILE.tar`	45	`gzip $FILE.tar`
46	`echo "Le fichier des certificats exportés est : $FILE.tar.gz"`	46	`echo "Le fichier des certificats exportés est : $FILE.tar.gz"`
47	`} # end function export`	47	`} # end function export`
48		48
49		49
50	`function archive() {`	50	`function archive() {`
51	`# Sauvegarde de la pki actuelle`	51	`# Sauvegarde de la pki actuelle`
52	`[ -d $DIR_SAVE ] \|\| mkdir $DIR_SAVE`	52	`[ -d $DIR_SAVE ] \|\| mkdir $DIR_SAVE`
53		53
54	`# Save of CA Certificate`	54	`# Save of CA Certificate`
55	`cd $DIR_PKI/CA/`	55	`cd $DIR_PKI/CA/`
56	`cp alcasar-ca.crt $DIR_SAVE/.`	56	`cp alcasar-ca.crt $DIR_SAVE/.`
57	`cp private/alcasar-ca.key $DIR_SAVE/.`	57	`cp private/alcasar-ca.key $DIR_SAVE/.`
58		58
59	`# Save of server Certificate`	59	`# Save of server Certificate`
60	`cd $DIR_PKI/tls`	60	`cd $DIR_PKI/tls`
61	`cp certs/alcasar.crt $DIR_SAVE/.`	61	`cp certs/alcasar.crt $DIR_SAVE/.`
62	`cp private/alcasar.key $DIR_SAVE/.`	62	`cp private/alcasar.key $DIR_SAVE/.`
63	`cp certs/server-chain.crt $DIR_SAVE/.`	63	`cp certs/server-chain.pem $DIR_SAVE/.`
64	`} # end function archive`	64	`} # end function archive`
65		65
66	`function import() {`	66	`function import() {`
67	`echo "Would you like to Import New Certificates in ALCASAR ?"`	67	`echo "Would you like to Import New Certificates in ALCASAR ?"`
68	`read response`	68	`read response`
69	`if [ $response = "y" ] \|\| [ $response = "o" ] \|\| [ $response = "Y" ] \|\| [ $response = "O" ]`	69	`if [ $response = "y" ] \|\| [ $response = "o" ] \|\| [ $response = "Y" ] \|\| [ $response = "O" ]`
70	`then`	70	`then`
71	`[ -d $DIR_IMPORT ] \|\| mkdir $DIR_IMPORT`	71	`[ -d $DIR_IMPORT ] \|\| mkdir $DIR_IMPORT`
72	`rm -rf $DIR_IMPORT/*`	72	`rm -rf $DIR_IMPORT/*`
73		73
74	`# Import of CA Certificate`	74	`# Import of CA Certificate`
75	`tar xzvf $1 --directory=$DIR_IMPORT`	75	`tar xzvf $1 --directory=$DIR_IMPORT`
76		76
77	`(cat $DIR_PKI/tls/private/alcasar.key; echo; cat $DIR_PKI/tls/certs/alcasar.crt) > $DIR_PKI/tls/private/alcasar.pem`	77	`(cat $DIR_PKI/tls/private/alcasar.key; echo; cat $DIR_PKI/tls/certs/alcasar.crt) > $DIR_PKI/tls/private/alcasar.pem`
78		78
79	`echo "Import new certificates in ALCASAR !!!"`	79	`echo "Import new certificates in ALCASAR !!!"`
80	`cp -r $DIR_IMPORT/* /.`	80	`cp -r $DIR_IMPORT/* /.`
81	`chown root:apache $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}`	81	`chown root:apache $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}`
82	`chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.crt}`	82	`chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.pem}`
83		83
84	`chmod 750 $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}`	84	`chmod 750 $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}`
85	`chmod 750 $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.crt}`	85	`chmod 750 $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.pem}`
86		86
87	`service lighttpd restart`	87	`service lighttpd restart`
88	`else`	88	`else`
89	`echo "You are not import new certificates !!!"`	89	`echo "You are not import new certificates !!!"`
90	`exit 0`	90	`exit 0`
91	`fi`	91	`fi`
92	`} # end import`	92	`} # end import`
93		93
94	`# Core script`	94	`# Core script`
95	`case $args in`	95	`case $args in`
96	`-\? \| -h* \| --h*)`	96	`-\? \| -h* \| --h*)`
97	`echo "$usage"`	97	`echo "$usage"`
98	`exit 0`	98	`exit 0`
99	`;;`	99	`;;`
100	`--export \| -x)`	100	`--export \| -x)`
101	`archive`	101	`archive`
102	`certs_export`	102	`certs_export`
103	`;;`	103	`;;`
104	`--import \| -i)`	104	`--import \| -i)`
105	`nb_args=$#`	105	`nb_args=$#`
106	`if [ $nb_args -eq 1 ]`	106	`if [ $nb_args -eq 1 ]`
107	`then`	107	`then`
108	`echo "Il faut passer un fichier de certificat en paramètre !!!"`	108	`echo "Il faut passer un fichier de certificat en paramètre !!!"`
109	`exit 0`	109	`exit 0`
110	`fi`	110	`fi`
111	`import $2`	111	`import $2`
112	`;;`	112	`;;`
113	`*)`	113	`*)`
114	`echo "Unknown argument :$1";`	114	`echo "Unknown argument :$1";`
115	`echo "$usage"`	115	`echo "$usage"`
116	`exit 1`	116	`exit 1`
117	`;;`	117	`;;`
118	`esac`	118	`esac`
119	`exit 0`	119	`exit 0`
120		120
121		121

Subversion Repositories ALCASAR

(root)/scripts/alcasar-certificates.sh @ 2864 – Rev 2554 → 2813