1,13 → 1,13 |
#!/bin/bash |
#!/bin/sh |
# $Id$ |
|
# alcasar-CA.sh |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY |
# This script is distributed under the Gnu General Public License (GPL) |
|
# Création de la PKI et des certificats ALCASAR - Plusieurs idées ont été récupéées dans le script "nessus-mkcert" de Renaud Deraison et Michel Arboi |
# Creation of the ALCASAR PKI and certificates - Some ideas are from "nessus-mkcert" script written by Renaud Deraison and Michel Arboi |
|
# |
# Some ideas from "nessus-mkcert" script written by Renaud Deraison <deraison@cvs.nessus.org> |
# and Michel Arboi <arboi@alussinan.org> |
# |
DIR_TMP=${TMPDIR-/tmp}/alcasar-mkcert.$$ |
DIR_PKI=/etc/pki |
DIR_CERT=$DIR_PKI/tls |
14,9 → 14,10 |
DIR_WEB=/var/www/html |
CACERT=$DIR_PKI/CA/alcasar-ca.crt |
CAKEY=$DIR_PKI/CA/private/alcasar-ca.key |
SRVREQ=$DIR_CERT/alcasar.req |
SRVKEY=$DIR_CERT/private/alcasar.key |
SRVCERT=$DIR_CERT/certs/alcasar.crt |
SRVKEY=$DIR_CERT/private/alcasar.key |
SRVREQ=$DIR_CERT/alcasar.req |
SRVCHAIN=$DIR_CERT/certs/server-chain.crt |
|
CACERT_LIFETIME="1460" |
SRVCERT_LIFETIME="1460" |
216,8 → 217,10 |
echo "*********SRVCERT*********" >> $DIR_TMP/openssl-log |
openssl ca -config $DIR_TMP/ssl.conf -name AlcasarCA -batch -days $SRVCERT_LIFETIME -in $SRVREQ -out $SRVCERT 2>> $DIR_TMP/openssl-log |
rm -f $SRVREQ |
chmod a+r $CACERT $SRVCERT |
cp -f $SRVCERT $SRVCHAIN # in order to simplify the official intranet certificate import process |
chmod a+r $CACERT $SRVCERT $SRVCHAIN |
|
# Link certs in ALCASAR Control Center |
if [ -s "$CACERT" -a -s "$CAKEY" -a -s "$SRVCERT" -a -s "$SRVKEY" ]; |
then |
[ -d $DIR_WEB/certs ] || mkdir -p $DIR_WEB/certs |
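Review bot: The `cp -f $SRVCERT $SRVCHAIN` line in the last hunk runs without checking that `openssl ca` actually issued a certificate. Its stderr goes only to `$DIR_TMP/openssl-log`, so after a failed signing the chain file can end up missing, empty or left over from a previous run, and the `-s` test that follows checks `$CACERT`, `$CAKEY`, `$SRVCERT` and `$SRVKEY` but not `$SRVCHAIN`. I would guard the copy with `[ -s "$SRVCERT" ] && cp -f "$SRVCERT" "$SRVCHAIN"` and add `-a -s "$SRVCHAIN"` to that test, quoting the expansions while there. The `if` block continues past the visible lines and the +/- markers are lost on this page, so I am assuming the lines that mention `$SRVCHAIN` are the new side. Separately, `$DIR_TMP` is a `$$`-based name under `/tmp` that holds the CA's `ssl.conf`; its creation is outside these hunks, so confirm it uses `mktemp -d`, or a plain `mkdir` (not `mkdir -p`) under a restrictive umask.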