3
# $Id: httpscert,v 1.1.2.2 2005/12/15 21:59:57 eoberlander Exp $
4
# new : generate new certificate
5
# read: read issuer in certificate and verify if it is the same as hostname
7
# See how we were called.
10
# set temporary random file
11
export RANDFILE=/root/.rnd
12
if [ ! -f /etc/httpd/server.key ]; then
13
echo "Generating https server key."
14
/usr/bin/openssl genrsa -rand \
15
/boot/vmlinuz:CONFIG_ROOT/ethernet/settings -out \
16
/etc/httpd/server.key 1024
19
/bin/cat /etc/certparams | sed "s/HOSTNAME/`hostname -f`/" | /usr/bin/openssl \
20
req -new -key /etc/httpd/server.key -out /etc/httpd/server.csr
21
echo "Signing certificate"
22
/usr/bin/openssl x509 -req -days 999999 -in \
23
/etc/httpd/server.csr -signkey /etc/httpd/server.key -out \
25
# unset and remove random file
30
if [ -f /etc/httpd/server.key -a -f /etc/httpd/server.crt -a -f /etc/httpd/server.csr ]; then
31
ISSUER=`openssl x509 -in /etc/httpd/server.crt -text -noout | grep Issuer | /usr/bin/cut -f2 -d '='`
32
HOSTNAME=`/bin/hostname -f`
33
if [ "$ISSUER" != "$HOSTNAME" ]; then
34
echo "Certificate issuer '$ISSUER' is not the same as the hostname'$HOSTNAME'"
35
echo "Probably host or domain name has been changed in setup"
36
echo "You could remake server certificate with '/usr/local/bin/httpscert new'"
39
echo "https certificate issuer match $HOSTNAME"
42
echo "Certificate not found"
47
/bin/echo "Usage: $0 {read|new}"