Subversion Repositories ALCASAR

Rev

Rev 3141 | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
3141 rexy 1
#!/bin/sh
2
 
3
# Id: $Id$
4
 
5
# alcasar-certificates.sh
6
# by Franck BOUIJOUX and REXY
7
# This script is distributed under the Gnu General Public License (GPL)
8
 
9
# Script permettant
10
#       - d'exporter les certificats d'un serveur pour les transposer sur un autre.
11
 
12
# This script allows
13
#       - export certificates server to move them.
14
 
15
 
16
DIR_EXPORT="/root/Certificats"
17
DIR_PKI="/etc/pki"
18
DIR_SAVE="/root/PKI_SAVE"
19
DIR_IMPORT="/root/Certificats"
20
 
21
 
22
usage="Usage: alcasar-certificates.sh {--export or -x} | {--import or -i <FileOfCertificate.tar.gz>} "
23
 
24
nb_args=$#
25
args=$1
26
if [ $nb_args -eq 0 ]
27
then
28
        nb_args=1
29
        args="-h"
30
fi
31
 
32
 
33
NOW="$(date +%G%m%d-%Hh%M)"             # date et heure du moment
34
FILE="certificates-$NOW"
35
DIR_SAVE=$DIR_SAVE-$NOW
36
 
37
# Function of export
38
function certs_export() {
39
        #  Export of CA Certificate
40
        cd /root
41
        tar cvf $FILE.tar $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
42
 
43
        #  Export of server Certificate
44
        tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.pem}
45
        gzip $FILE.tar
46
        echo "Le fichier des certificats exportés est : $FILE.tar.gz"
47
} # end function export
48
 
49
 
50
function archive() {
51
        # Sauvegarde de la pki actuelle
52
        [ -d $DIR_SAVE ] || mkdir $DIR_SAVE
53
 
54
        #  Save of CA Certificate
55
        cd $DIR_PKI/CA/
56
        cp alcasar-ca.crt $DIR_SAVE/.
57
        cp private/alcasar-ca.key $DIR_SAVE/.
58
 
59
        #  Save of server Certificate
60
        cd $DIR_PKI/tls
61
        cp certs/alcasar.crt $DIR_SAVE/.
62
        cp private/alcasar.key $DIR_SAVE/.
63
        cp certs/server-chain.pem $DIR_SAVE/.
64
} # end function archive
65
 
66
function import() {
67
        echo "Would you like to Import New Certificates in ALCASAR ?"
68
        read response
69
        if [ $response = "y" ] || [ $response = "o" ] || [ $response = "Y" ] || [ $response = "O" ]
70
        then
71
                [ -d $DIR_IMPORT ] || mkdir $DIR_IMPORT
72
                rm -rf $DIR_IMPORT/*
73
 
74
                #  Import of CA Certificate
75
                tar xzvf $1 --directory=$DIR_IMPORT
76
 
77
                (cat $DIR_PKI/tls/private/alcasar.key; echo; cat $DIR_PKI/tls/certs/alcasar.crt) > $DIR_PKI/tls/private/alcasar.pem
78
 
79
                echo "Import new certificates in ALCASAR !!!"
80
                cp -r $DIR_IMPORT/* /.
81
                chown root:apache $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
82
                chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.pem}
83
 
84
                chmod 750 $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
85
                chmod 750 $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.pem}
86
 
3230 rexy 87
                service httpd restart
3141 rexy 88
        else
89
                echo "You are not import new certificates !!!"
90
                exit 0
91
        fi
92
} # end import
93
 
94
#  Core script
95
case $args in
96
        -\? | -h* | --h*)
97
                echo "$usage"
98
                exit 0
99
                ;;
100
        --export | -x)
101
                archive
102
                certs_export
103
                ;;
104
        --import | -i)
105
                nb_args=$#
106
                if [ $nb_args -eq 1 ]
107
                then
108
                        echo "Il faut passer un fichier de certificat en paramètre !!!"
109
                        exit 0
110
                fi
111
                import $2
112
                ;;
113
        *)
114
                echo "Unknown argument :$1";
115
                echo "$usage"
116
                exit 1
117
                ;;
118
esac
119
exit 0