Subversion Repositories ALCASAR

Rev

Rev 1733 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log

#!/bin/sh

# alcasar-importcert.sh
# by Raphaël, Hugo, Clément, Bettyna

# This script is distributed under the Gnu General Public License (GPL)

# Script permettant
# - d'importer des certificats sur Alcasar

# This script allows
# - to import certificate in Alcasar

SED="/bin/sed -ri"

DIR_CERT="/etc/pki/tls"

usage="Usage: alcasar-importcert.sh -i YourCertificate.crt -k YourAlcasar.key -c Chaîne.com"

nb_args=$#
args=$1
args1=$3
args2=$5
cert=$2
key=$4
sc=$6

function domainName() # change the domain name in the conf files
{

        ndd=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p')
        echo $ndd
        if [ "$ndd" != "" ]
        then    
                $SED "s/^DOMAIN=.*/DOMAIN=$ndd/g" /usr/local/etc/alcasar.conf
                $SED "s/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.$ndd/g" /etc/hosts
                $SED "s/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.$ndd/g" /etc/chilli.conf
                $SED "s/^domain.*/domain\t\t$ndd/g" /etc/chilli.conf
                $SED "s/^ServerName.*/ServerName alcasar.$ndd/g" /etc/httpd/conf/httpd.conf
        fi
}

function certImport()
{
        cd $DIR_CERT
        
        if [ ! -f "/etc/pki/tls/certs/alcasar.crt.old" ]
        then
                echo "Backup of old cert (alcasar.crt)"
                mv certs/alcasar.crt certs/alcasar.crt.old
        fi
        if [ ! -f "/etc/pki/tls/private/alcasar.key.old" ]
        then
                echo "Backup of old private key (alcasar.key)"
                mv private/alcasar.key private/alcasar.key.old
        fi
        
        cp $cert certs/alcasar.crt
        cp $key private/alcasar.key

        chown root:apache certs/alcasar.crt
        chown root:apache private/alcasar.key

        chmod 750 certs/alcasar.crt
        chmod 750 private/alcasar.key

        if [ "$sc" != "" ]
        then
                echo "cert-chain exists"
                if [ ! -f "/etc/pki/tls/certs/server-chain.crt.old" ]
                then
                        echo "Backup of old cert-chain (server-chain.crt)"
                        mv certs/server-chain.crt certs/server-chain.crt.old
                fi
                cp $sc certs/server-chain.crt
                chown root:apache certs/server-chain.crt
                chmod 750 certs/server-chain.crt
        fi
}

if [ $nb_args -eq 0 ] || [ "$cert" == "" ] || [ "$key" == "" ]
then
        nb_args=1
        args="-h"
fi

case $args in
        -\? | -h* | --h*)
                echo "$usage"
                exit 0
                ;;
        -i)
                echo "You want import the certificate: $2"
                ;;
        *)
        echo "Unknown argument: $1"
        echo "$usage"
        exit 1
        ;;
esac

case $args1 in
        -\? | -h* | --h*)
                echo "$usage"
                exit 0
                ;;
        -k)
                echo "With the private key: $4"
                ;;
        *)
        echo "Unknown argument: $3"
        echo "$usage"
        exit 1
        ;;
esac

if [ "$args2" == "-c" ]
then
        echo "And the cert-chain: $6"
        if [ "$sc" == "" ]
        then
                echo "! Can't find the file of the chain-cert"
        fi
else
        echo "Without a cert-chain"
        sc=""
fi

domainName
certImport $cert $key $sc
systemctl restart chilli.service
systemctl restart httpd.service