Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 672 → Rev 938

/scripts/alcasar-CA.sh
1,13 → 1,13
#!/bin/bash
#!/bin/sh
# $Id$
 
# alcasar-CA.sh
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
# This script is distributed under the Gnu General Public License (GPL)
 
# Création de la PKI et des certificats ALCASAR - Plusieurs idées ont été récupéées dans le script "nessus-mkcert" de Renaud Deraison et Michel Arboi
# Creation of the ALCASAR PKI and certificates - Some ideas are from "nessus-mkcert" script written by Renaud Deraison and Michel Arboi
 
#
# Some ideas from "nessus-mkcert" script written by Renaud Deraison <deraison@cvs.nessus.org>
# and Michel Arboi <arboi@alussinan.org>
#
DIR_TMP=${TMPDIR-/tmp}/alcasar-mkcert.$$
DIR_PKI=/etc/pki
DIR_CERT=$DIR_PKI/tls
14,9 → 14,10
DIR_WEB=/var/www/html
CACERT=$DIR_PKI/CA/alcasar-ca.crt
CAKEY=$DIR_PKI/CA/private/alcasar-ca.key
SRVREQ=$DIR_CERT/alcasar.req
SRVKEY=$DIR_CERT/private/alcasar.key
SRVCERT=$DIR_CERT/certs/alcasar.crt
SRVKEY=$DIR_CERT/private/alcasar.key
SRVREQ=$DIR_CERT/alcasar.req
SRVCHAIN=$DIR_CERT/certs/server-chain.crt
 
CACERT_LIFETIME="1460"
SRVCERT_LIFETIME="1460"
216,8 → 217,10
echo "*********SRVCERT*********" >> $DIR_TMP/openssl-log
openssl ca -config $DIR_TMP/ssl.conf -name AlcasarCA -batch -days $SRVCERT_LIFETIME -in $SRVREQ -out $SRVCERT 2>> $DIR_TMP/openssl-log
rm -f $SRVREQ
chmod a+r $CACERT $SRVCERT
cp -f $SRVCERT $SRVCHAIN # in order to simplify the official intranet certificate import process
chmod a+r $CACERT $SRVCERT $SRVCHAIN
 
# Link certs in ALCASAR Control Center
if [ -s "$CACERT" -a -s "$CAKEY" -a -s "$SRVCERT" -a -s "$SRVKEY" ];
then
[ -d $DIR_WEB/certs ] || mkdir -p $DIR_WEB/certs