~vcs-imports/ipfire/ipfire-2.x


Viewing changes to src/scripts/httpscert

  • Committer: ipfire
  • Date: 2006-02-15 21:15:54 UTC
  • Revision ID: git-v1:cd1a2927226c734d96478e12bb768256fb64a06a


git-svn-id: http://svn.ipfire.org/svn/ipfire/IPFire/source@16 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

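--- a/src/scripts/httpscert
+++ b/src/scripts/httpscert
@@ -0,0 +1,50 @@
+#!/bin/sh
+#
+# $Id: httpscert,v 1.1.2.2 2005/12/15 21:59:57 eoberlander Exp $
+# new : generate new certificate
+# read: read issuer in certificate and verify if it is the same as hostname
+
+# See how we were called.
+case "$1" in
+  new)
+        # set temporary random file
+        export RANDFILE=/root/.rnd
+        if [ ! -f /etc/httpd/server.key ]; then
+                echo "Generating https server key."
+                /usr/bin/openssl genrsa -rand \
+                        /boot/vmlinuz:CONFIG_ROOT/ethernet/settings -out \
+                        /etc/httpd/server.key 1024
+        fi
+        echo "Generating CSR"
+        /bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
+                req -new -key /etc/httpd/server.key -out /etc/httpd/server.csr
+        echo "Signing certificate"
+        /usr/bin/openssl x509 -req -days 999999 -in \
+                /etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
+                /etc/httpd/server.crt
+        # unset and remove random file
+        export -n RANDFILE
+        rm -f /root/.rnd
+        ;;
+  read)
+        if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then
+                ISSUER=`openssl x509 -in /etc/httpd/server.crt -text -noout | grep Issuer | /usr/bin/cut -f2 -d '='`
+                HOSTNAME=`/bin/hostname -f`
+                if [ "$ISSUER" != "$HOSTNAME" ]; then
+                        echo "Certificate issuer '$ISSUER' is not the same as the hostname'$HOSTNAME'"
+                        echo "Probably host or domain name has been changed in setup"
+                        echo "You could remake server certificate with '/usr/local/bin/httpscert new'"
+                        exit 1
+                else
+                        echo "https certificate issuer match $HOSTNAME"
+                fi
+        else
+                echo "Certificate not found"
+                exit 1
+        fi
+        ;;
+  *)
+        /bin/echo "Usage: $0 {read|new}"
+        exit 1
+        ;;
+esac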
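Review bot: The private key created in the `new` branch is 1024-bit RSA and is written to /etc/httpd/server.key under whatever umask the caller happens to have, so it may be both weaker and more widely readable than intended; I would put `umask 077` before the `openssl genrsa` call and raise the size argument to `2048`. The `-rand /boot/vmlinuz:CONFIG_ROOT/ethernet/settings` seed is made of static files (and `CONFIG_ROOT` looks like a placeholder, presumably substituted at build time), so it contributes little entropy and should not be relied on over the system random source. `-days 999999` produces a certificate that effectively never expires, which removes any forced rotation of this key. `export -n RANDFILE` is a bash extension under `#!/bin/sh`; `unset RANDFILE` is the portable form.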