#!/bin/sh
# alcasar-importcert.sh
# by Raphaël, Hugo, Clément, Bettyna
# This script is distributed under the Gnu General Public License (GPL)
# Script permettant
# - d'importer des certificats sur Alcasar
# This script imports a certificate (with its private key and an
# optional certificate chain) into ALCASAR
# Positional arguments. The expected call is strictly ordered:
#   -i <certificate> -k <private key> [-c <certificate chain>]
nb_args=$#
args="$1"    # first option (-i expected)
cert="$2"    # certificate file
args1="$3"   # second option (-k expected)
key="$4"     # private key file
args2="$5"   # third option (-c, optional)
sc="$6"      # certificate chain file (optional)

# Fixed settings shared by the functions below.
DIR_CERT='/etc/pki/tls'
SED='/bin/sed -ri'
usage='Usage: alcasar-importcert.sh -i YourCertificate.crt -k YourAlcasar.key -c Chaîne.com'
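domainName() # change the domain name in the conf files
{
  # Reads the globals $cert (certificate to inspect) and $SED (in-place sed
  # command). Prints the extracted CN, then rewrites the domain name in
  # alcasar.conf, /etc/hosts, chilli.conf and httpd.conf.
  # Returns 0 when the CN is empty (nothing is changed, as before), 1 when
  # the CN is refused, otherwise the status of the last sed call.
  #
  # NOTE(review): the pattern expects the "CN=value" form with the CN as the
  # last subject field; newer OpenSSL releases print "CN = value" by default,
  # in which case nothing is extracted and the files are left unchanged.
  # Confirm against the openssl installed on the target system.
  ndd=$(openssl x509 -noout -subject -in "$cert" | sed -n '/^subject/s/^.*CN=//p')
  printf '%s\n' "$ndd"

  # The CN is taken from the imported certificate and is pasted into sed
  # expressions that run as root against system files. Only plain host-name
  # characters are accepted, so characters that are special to sed
  # ("/", "&", "\", newline) or a wildcard "*" can never reach the
  # substitutions below.
  case "$ndd" in
    '')
      return 0
      ;;
    *[!A-Za-z0-9.-]* | -* | .*)
      echo "Certificate CN is not a plain domain name: configuration files left unchanged" >&2
      return 1
      ;;
  esac

  $SED "s/^DOMAIN=.*/DOMAIN=$ndd/g" /usr/local/etc/alcasar.conf
  $SED "s/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.$ndd/g" /etc/hosts
  $SED "s/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.$ndd/g" /etc/chilli.conf
  $SED "s/^domain.*/domain\t\t$ndd/g" /etc/chilli.conf
  $SED "s/^ServerName.*/ServerName alcasar.$ndd/g" /etc/httpd/conf/httpd.conf
}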
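certImport() # install the certificate, its private key and the optional chain
{
  # Reads the globals $cert, $key, $sc and $DIR_CERT; positional arguments
  # given by the caller are not used. Returns 0 on success, 1 when an input
  # is missing or a copy / ownership / mode change fails.
  #
  # The working directory is left untouched, so relative paths given on the
  # command line keep resolving against the directory the script was
  # started from.

  # Check every input before touching the installed files: a failed copy
  # after the backup step would leave the web server without certificate.
  for ci_src in "$cert" "$key"
  do
    if [ ! -f "$ci_src" ] || [ ! -r "$ci_src" ]
    then
      echo "Cannot read input file: $ci_src" >&2
      return 1
    fi
  done
  if [ -n "$sc" ] && { [ ! -f "$sc" ] || [ ! -r "$sc" ]; }
  then
    echo "Cannot read input file: $sc" >&2
    return 1
  fi
  if [ ! -d "$DIR_CERT/certs" ] || [ ! -d "$DIR_CERT/private" ]
  then
    echo "Missing certs/ or private/ directory under $DIR_CERT" >&2
    return 1
  fi

  ci_crt="$DIR_CERT/certs/alcasar.crt"
  ci_key="$DIR_CERT/private/alcasar.key"
  ci_chain="$DIR_CERT/certs/server-chain.crt"

  # Only the first import creates the *.old backups; later imports keep them.
  if [ -f "$ci_crt" ] && [ ! -f "$ci_crt.old" ]
  then
    echo "Backup of old cert (alcasar.crt)"
    mv -- "$ci_crt" "$ci_crt.old"
  fi
  if [ -f "$ci_key" ] && [ ! -f "$ci_key.old" ]
  then
    echo "Backup of old private key (alcasar.key)"
    mv -- "$ci_key" "$ci_key.old"
  fi

  # Restrictive umask while copying: a freshly created private key must not
  # be readable by other users in the window before chmod runs.
  ci_umask=$(umask)
  umask 077
  ci_rc=0
  cp -- "$cert" "$ci_crt" || ci_rc=1
  cp -- "$key" "$ci_key" || ci_rc=1
  if [ -n "$sc" ]
  then
    echo "cert-chain exists"
    if [ -f "$ci_chain" ] && [ ! -f "$ci_chain.old" ]
    then
      echo "Backup of old cert-chain (server-chain.crt)"
      mv -- "$ci_chain" "$ci_chain.old"
    fi
    cp -- "$sc" "$ci_chain" || ci_rc=1
  fi
  umask "$ci_umask"
  if [ "$ci_rc" -ne 0 ]
  then
    echo "Copy failed: certificate import is incomplete" >&2
    return 1
  fi

  # 640 instead of 750: PEM files are data, the execute bits had no use.
  # NOTE(review): group apache keeps read access to the private key, as
  # before; confirm that the web server really needs it.
  chown root:apache "$ci_crt" "$ci_key" || ci_rc=1
  chmod 640 "$ci_crt" "$ci_key" || ci_rc=1
  if [ -n "$sc" ]
  then
    chown root:apache "$ci_chain" || ci_rc=1
    chmod 640 "$ci_chain" || ci_rc=1
  fi
  return "$ci_rc"
}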
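# Command-line handling and main sequence.
# The options are positional: -i <cert> -k <key> [-c <chain>].

# No argument at all, or no certificate / key path: show the help text.
if [ "$nb_args" -eq 0 ] || [ -z "$cert" ] || [ -z "$key" ]
then
  nb_args=1
  args="-h"
fi

# First option: must be -i (or a help request).
case "$args" in
  -\? | -h* | --h*)
    echo "$usage"
    exit 0
    ;;
  -i)
    echo "You want import the certificate: $2"
    ;;
  *)
    echo "Unknown argument: $1"
    echo "$usage"
    exit 1
    ;;
esac

# Second option: must be -k (or a help request).
case "$args1" in
  -\? | -h* | --h*)
    echo "$usage"
    exit 0
    ;;
  -k)
    echo "With the private key: $4"
    ;;
  *)
    echo "Unknown argument: $3"
    echo "$usage"
    exit 1
    ;;
esac

# Third option: the chain is optional, but -c without a file is an error.
# Carrying on without it would install the new certificate next to whatever
# chain file is already in place.
if [ "$args2" = "-c" ]
then
  echo "And the cert-chain: $6"
  if [ -z "$sc" ]
  then
    echo "! Can't find the file of the chain-cert"
    echo "$usage"
    exit 1
  fi
else
  echo "Without a cert-chain"
  sc=""
fi

# Refuse to start when an input file is missing: nothing has been modified
# yet at this point, so the running configuration stays intact.
for input_file in "$cert" "$key" ${sc:+"$sc"}
do
  if [ ! -f "$input_file" ]
  then
    echo "File not found: $input_file" >&2
    exit 1
  fi
done

domainName

# The arguments are passed for readability; certImport as defined in this
# file reads the cert, key and sc variables directly.
if ! certImport "$cert" "$key" "$sc"
then
  echo "Certificate import failed: services not restarted" >&2
  exit 1
fi

# Restart the services so that they pick up the new certificate.
systemctl restart chilli.service
systemctl restart httpd.service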