7,24 → 7,54 |
|
# Script permettant |
# - d'importer des certificats sur Alcasar |
# - de revenir au certificat par default |
|
# This script allows |
# - to import certificate in Alcasar |
# - to import a certificate in Alcasar |
# - to go back to the default certificate |
|
SED="/bin/sed -ri" |
|
DIR_CERT="/etc/pki/tls" |
|
usage="Usage: alcasar-importcert.sh -i YourCertificate.crt -k YourAlcasar.key -c Chaîne.com" |
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)" |
|
|
nb_args=$# |
args=$1 |
args1=$3 |
args2=$5 |
cert=$2 |
key=$4 |
sc=$6 |
arg1=$1 |
|
|
# nb_args=$# |
# args=$1 |
# args1=$3 |
# args2=$5 |
# cert=$2 |
# key=$4 |
# sc=$6 |
|
function defaultNdd() |
{ |
$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf |
$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts |
$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf |
$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf |
$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf |
} |
|
function defaultCert() |
{ |
cd $DIR_CERT |
rm private/alcasar.key |
rm certs/alcasar.crt |
mv certs/alcasar.crt.old certs/alcasar.crt |
mv private/alcasar.key.old private/alcasar.key |
if [ -f certs/server-chain.crt.old ] |
then |
rm certs/server-chain.crt |
mv certs/server-chain.crt.old certs/server-chain.crt |
fi |
} |
|
function domainName() # change the domain name in the conf files |
{ |
|
31,7 → 61,7 |
ndd=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p') |
echo $ndd |
if [ "$ndd" != "" ] |
then |
then |
$SED "s/^DOMAIN=.*/DOMAIN=$ndd/g" /usr/local/etc/alcasar.conf |
$SED "s/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.$ndd/g" /etc/hosts |
$SED "s/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.$ndd/g" /etc/chilli.conf |
43,7 → 73,7 |
function certImport() |
{ |
cd $DIR_CERT |
|
|
if [ ! -f "/etc/pki/tls/certs/alcasar.crt.old" ] |
then |
echo "Backup of old cert (alcasar.crt)" |
54,7 → 84,7 |
echo "Backup of old private key (alcasar.key)" |
mv private/alcasar.key private/alcasar.key.old |
fi |
|
|
cp $cert certs/alcasar.crt |
cp $key private/alcasar.key |
|
78,55 → 108,74 |
fi |
} |
|
if [ $nb_args -eq 0 ] || [ "$cert" == "" ] || [ "$key" == "" ] |
|
if [ $nb_args -eq 0 ] |
then |
nb_args=1 |
args="-h" |
echo "$usage" |
exit 1 |
fi |
|
case $args in |
case $arg1 in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
-i) |
echo "You want import the certificate: $2" |
arg3=$3 |
arg5=$5 |
cert=$2 |
key=$4 |
sc=$6 |
|
if [ "$cert" == "" ] || [ "$key" == "" ] |
then |
echo "$usage" |
exit 1 |
fi |
|
if [ ! -f "$cert" -o ! -f "$key" ] |
then |
echo "Certificate and/or private key not found" |
exit 1 |
fi |
|
if [ ${cert: -4} != ".crt" ] |
then |
echo "Invalid certificate file" |
exit 1 |
fi |
|
if [ ${key: -4} != ".key" ] |
then |
echo "Invalid private key" |
exit 1 |
fi |
|
if [ "$arg5" != "-c" ] || [ ! -f "$sc" ] |
then |
echo "No server-chain given" |
echo "Importing certificate $cert with private key $key" |
sc="" |
else |
echo "Importing certificate $cert with private key $key and server-chain $sc" |
fi |
|
domainName $cert |
certImport $cert $key $sc |
systemctl restart chilli.service |
systemctl restart httpd.service |
;; |
-d) |
if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ] |
then |
echo "Restoring default certificate" |
defaultCert |
defaultNdd |
systemctl restart chilli.service |
systemctl restart httpd.service |
fi |
;; |
*) |
echo "Unknown argument: $1" |
echo "$usage" |
exit 1 |
;; |
esac |
|
case $args1 in |
-\? | -h* | --h*) |
echo "$usage" |
exit 0 |
;; |
-k) |
echo "With the private key: $4" |
;; |
*) |
echo "Unknown argument: $3" |
echo "$usage" |
exit 1 |
;; |
esac |
|
if [ "$args2" == "-c" ] |
then |
echo "And the cert-chain: $6" |
if [ "$sc" == "" ] |
then |
echo "! Can't find the file of the chain-cert" |
fi |
else |
echo "Without a cert-chain" |
sc="" |
fi |
|
domainName |
certImport $cert $key $sc |
systemctl restart chilli.service |
systemctl restart httpd.service |
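Review bot: In the new `-i` branch the only checks on `$cert` and `$key` are that the files exist and that their names end in `.crt`/`.key`, so a file openssl cannot parse, or a key that does not belong to the certificate, still replaces `alcasar.crt`/`alcasar.key` before chilli and httpd are restarted. I would parse the certificate and compare its public key with the key's before `domainName` runs, as in the fence below; this also matters because `domainName` interpolates the CN it reads from the certificate into `sed` expressions without escaping. The two suffix tests use unquoted `${cert: -4}` and `${key: -4}`, which break on a path containing spaces; quote them, e.g. `[ "${cert: -4}" != ".crt" ]`. Separately, when `-c` is given but `$sc` is not a file, the branch prints `No server-chain given` and continues, which hides a mistyped chain path. The bodies of `domainName` and `certImport` are only partly visible here, so any checks they perform themselves are not accounted for.

```shell
# … unchanged: argument, file-existence and suffix checks …

# Refuse input that openssl cannot parse as an X.509 certificate.
if ! openssl x509 -noout -in "$cert" 2>/dev/null
then
	echo "Invalid certificate file"
	exit 1
fi

# Refuse a private key whose public half differs from the certificate's.
if [ "$(openssl x509 -noout -pubkey -in "$cert")" != "$(openssl pkey -pubout -in "$key" 2>/dev/null)" ]
then
	echo "Private key does not match the certificate"
	exit 1
fi

# … unchanged: server-chain handling, domainName, certImport, service restarts …
```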