
Ignore whitespace Rev 1732 → Rev 1733

/scripts/alcasar-importcert.sh
7,24 → 7,54
 
# Script permettant
# - d'importer des certificats sur Alcasar
# - de revenir au certificat par default
 
# This script allows
# - to import certificate in Alcasar
# - to import a certificate in Alcasar
# - to go back to the default certificate
 
SED="/bin/sed -ri"
 
DIR_CERT="/etc/pki/tls"
 
usage="Usage: alcasar-importcert.sh -i YourCertificate.crt -k YourAlcasar.key -c ChaƮne.com"
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"
 
 
nb_args=$#
args=$1
args1=$3
args2=$5
cert=$2
key=$4
sc=$6
arg1=$1
 
 
# nb_args=$#
# args=$1
# args1=$3
# args2=$5
# cert=$2
# key=$4
# sc=$6
 
function defaultNdd()
{
$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf
$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts
$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf
$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf
$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf
}
 
function defaultCert()
{
cd $DIR_CERT
rm private/alcasar.key
rm certs/alcasar.crt
mv certs/alcasar.crt.old certs/alcasar.crt
mv private/alcasar.key.old private/alcasar.key
if [ -f certs/server-chain.crt.old ]
then
rm certs/server-chain.crt
mv certs/server-chain.crt.old certs/server-chain.crt
fi
}
 
function domainName() # change the domain name in the conf files
{
 
31,7 → 61,7
ndd=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p')
echo $ndd
if [ "$ndd" != "" ]
then
then
$SED "s/^DOMAIN=.*/DOMAIN=$ndd/g" /usr/local/etc/alcasar.conf
$SED "s/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.$ndd/g" /etc/hosts
$SED "s/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.$ndd/g" /etc/chilli.conf
43,7 → 73,7
function certImport()
{
cd $DIR_CERT
 
if [ ! -f "/etc/pki/tls/certs/alcasar.crt.old" ]
then
echo "Backup of old cert (alcasar.crt)"
54,7 → 84,7
echo "Backup of old private key (alcasar.key)"
mv private/alcasar.key private/alcasar.key.old
fi
 
cp $cert certs/alcasar.crt
cp $key private/alcasar.key
 
78,55 → 108,74
fi
}
 
if [ $nb_args -eq 0 ] || [ "$cert" == "" ] || [ "$key" == "" ]
 
if [ $nb_args -eq 0 ]
then
nb_args=1
args="-h"
echo "$usage"
exit 1
fi
 
case $args in
case $arg1 in
-\? | -h* | --h*)
echo "$usage"
exit 0
;;
-i)
echo "You want import the certificate: $2"
arg3=$3
arg5=$5
cert=$2
key=$4
sc=$6
 
if [ "$cert" == "" ] || [ "$key" == "" ]
then
echo "$usage"
exit 1
fi
 
if [ ! -f "$cert" -o ! -f "$key" ]
then
echo "Certificate and/or private key not found"
exit 1
fi
 
if [ ${cert: -4} != ".crt" ]
then
echo "Invalid certificate file"
exit 1
fi
 
if [ ${key: -4} != ".key" ]
then
echo "Invalid private key"
exit 1
fi
 
if [ "$arg5" != "-c" ] || [ ! -f "$sc" ]
then
echo "No server-chain given"
echo "Importing certificate $cert with private key $key"
sc=""
else
echo "Importing certificate $cert with private key $key and server-chain $sc"
fi
 
domainName $cert
certImport $cert $key $sc
systemctl restart chilli.service
systemctl restart httpd.service
;;
-d)
if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
then
echo "Restoring default certificate"
defaultCert
defaultNdd
systemctl restart chilli.service
systemctl restart httpd.service
fi
;;
*)
echo "Unknown argument: $1"
echo "$usage"
exit 1
;;
esac
 
case $args1 in
-\? | -h* | --h*)
echo "$usage"
exit 0
;;
-k)
echo "With the private key: $4"
;;
*)
echo "Unknown argument: $3"
echo "$usage"
exit 1
;;
esac
 
if [ "$args2" == "-c" ]
then
echo "And the cert-chain: $6"
if [ "$sc" == "" ]
then
echo "! Can't find the file of the chain-cert"
fi
else
echo "Without a cert-chain"
sc=""
fi
 
domainName
certImport $cert $key $sc
systemctl restart chilli.service
systemctl restart httpd.service
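Review bot: The `-i` branch of the new `case $arg1` accepts the certificate and key on their `.crt`/`.key` file-name suffix alone, then lets `domainName` and `certImport` rewrite the configuration and replace `private/alcasar.key` before restarting chilli and httpd. A file that does not parse, or a key that does not belong to the certificate, would only surface when httpd fails to restart, leaving the portal down with the new files already in place. I would check before `domainName` is called that the certificate parses and that its public key equals the one derived from the private key, as in the excerpt below. The CN read in `domainName` is also placed into the sed expressions as-is, so it is worth checking that it looks like a host name before it is substituted into /etc/hosts and /etc/chilli.conf. Separately, the expansions in the tests and calls should be quoted (`[ "${cert: -4}" != ".crt" ]`, `domainName "$cert"`) so that a path containing spaces does not break `[`.

```shell
# … unchanged: existence and suffix checks on $cert and $key …

cert_pub=$(openssl x509 -noout -pubkey -in "$cert")
key_pub=$(openssl pkey -pubout -in "$key")
if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]
then
	echo "Certificate is unreadable or does not match the private key"
	exit 1
fi

# … unchanged: server-chain (-c) handling …

domainName "$cert"
certImport "$cert" "$key" "$sc"
```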