WebSVN – ALCASAR – Diff – /scripts/alcasar-certificates.sh


#!/bin/sh
 
# Id: $Id$
 
# alcasar-certificates.sh
# by Franck BOUIJOUX and REXY
# This script is distributed under the Gnu General Public License (GPL)
 
# Script permettant
#	- d'exporter les certificats d'un serveur pour les transposer sur un autre.
 
# This script allows
#	- export certificates server to move them.
 
 
DIR_EXPORT="/root/Certificats"
DIR_PKI="/etc/pki"
DIR_SAVE="/root/PKI_SAVE"
DIR_IMPORT="/root/Certificats"
 
 
usage="Usage: alcasar-certificates.sh {--export or -x} | {--import or -i <FileOfCertificate.tar.gz>} "
 
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
	nb_args=1
	args="-h"
fi
 
 
NOW="$(date +%G%m%d-%Hh%M)"		# date et heure du moment
FILE="certificates-$NOW"
DIR_SAVE=$DIR_SAVE-$NOW
 
# Function of export
function certs_export() {
	#  Export of CA Certificate
	cd /root
	tar cvf $FILE.tar $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
 
	#  Export of server Certificate
	tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt}
	gzip $FILE.tar
	echo "Le fichier des certificats exportés est : $FILE.tar.gz"
} # end function export
 
 
function archive() {
	# Sauvegarde de la pki actuelle
	[ -d $DIR_SAVE ] || mkdir $DIR_SAVE
 
	#  Save of CA Certificate
	cd $DIR_PKI/CA/
	cp alcasar-ca.crt $DIR_SAVE/.
	cp private/alcasar-ca.key $DIR_SAVE/.
 
	#  Save of server Certificate
	cd $DIR_PKI/tls
	cp certs/alcasar.crt $DIR_SAVE/.
	cp private/alcasar.key $DIR_SAVE/.
	cp certs/server-chain.crt $DIR_SAVE/.
} # end function archive
 
function import() {
	echo "Would you like to Import New Certificates in ALCASAR ?"
	read response
	if [ $response = "y" ] || [ $response = "o" ] || [ $response = "Y" ] || [ $response = "O" ]
	then
		[ -d $DIR_IMPORT ] || mkdir $DIR_IMPORT
		rm -rf $DIR_IMPORT/*
 
		#  Import of CA Certificate
		tar xzvf $1 --directory=$DIR_IMPORT
 
		(cat $DIR_PKI/tls/private/alcasar.key; echo; cat $DIR_PKI/tls/certs/alcasar.crt) > $DIR_PKI/tls/private/alcasar.pem
 
		echo "Import new certificates in ALCASAR !!!"
		cp -r $DIR_IMPORT/* /.
		chown root:apache $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
		chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.crt}
 
		chmod 750 $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
		chmod 750 $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.crt}
 
		service lighttpd restart
	else
		echo "You are not import new certificates !!!"
		exit 0
	fi
} # end import
 
#  Core script
case $args in
	-\? | -h* | --h*)
		echo "$usage"
		exit 0
		;;
	--export | -x)	
		archive
		certs_export
		;;
	--import | -i)
		nb_args=$#
		if [ $nb_args -eq 1 ]
		then
			echo "Il faut passer un fichier de certificat en paramètre !!!"
			exit 0
		fi
		import $2
		;;
	*)
		echo "Unknown argument :$1";
		echo "$usage"
		exit 1
		;;
esac
exit 0
 
 

Rev 2488	Rev 2554
1	`#!/bin/sh`	1	`#!/bin/sh`
2		2
3	`# Id: $Id$`	3	`# Id: $Id$`
4		4
5	`# alcasar-certificates.sh`	5	`# alcasar-certificates.sh`
6	`# by Franck BOUIJOUX and REXY`	6	`# by Franck BOUIJOUX and REXY`
7	`# This script is distributed under the Gnu General Public License (GPL)`	7	`# This script is distributed under the Gnu General Public License (GPL)`
8		8
9	`# Script permettant`	9	`# Script permettant`
10	`# - d'exporter les certificats d'un serveur pour les transposer sur un autre.`	10	`# - d'exporter les certificats d'un serveur pour les transposer sur un autre.`
11		11
12	`# This script allows`	12	`# This script allows`
13	`# - export certificates server to move them.`	13	`# - export certificates server to move them.`
14		14
15		15
16	`DIR_EXPORT="/root/Certificats"`	16	`DIR_EXPORT="/root/Certificats"`
17	`DIR_PKI="/etc/pki"`	17	`DIR_PKI="/etc/pki"`
18	`DIR_SAVE="/root/PKI_SAVE"`	18	`DIR_SAVE="/root/PKI_SAVE"`
19	`DIR_IMPORT="/root/Certificats"`	19	`DIR_IMPORT="/root/Certificats"`
20		20
21		21
22	`usage="Usage: alcasar-certificates.sh {--export or -x} \| {--import or -i <FileOfCertificate.tar.gz>} "`	22	`usage="Usage: alcasar-certificates.sh {--export or -x} \| {--import or -i <FileOfCertificate.tar.gz>} "`
23		23
24	`nb_args=$#`	24	`nb_args=$#`
25	`args=$1`	25	`args=$1`
26	`if [ $nb_args -eq 0 ]`	26	`if [ $nb_args -eq 0 ]`
27	`then`	27	`then`
28	`nb_args=1`	28	`nb_args=1`
29	`args="-h"`	29	`args="-h"`
30	`fi`	30	`fi`
31		31
32		32
33	`NOW="$(date +%G%m%d-%Hh%M)" # date et heure du moment`	33	`NOW="$(date +%G%m%d-%Hh%M)" # date et heure du moment`
34	`FILE="certificates-$NOW"`	34	`FILE="certificates-$NOW"`
35	`DIR_SAVE=$DIR_SAVE-$NOW`	35	`DIR_SAVE=$DIR_SAVE-$NOW`
36		36
37	`# Function of export`	37	`# Function of export`
38	`function certs_export() {`	38	`function certs_export() {`
39	`# Export of CA Certificate`	39	`# Export of CA Certificate`
40	`cd /root`	40	`cd /root`
41	`tar cvf $FILE.tar $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}`	41	`tar cvf $FILE.tar $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}`
42		42
43	`# Export of server Certificate`	43	`# Export of server Certificate`
44	`tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt}`	44	`tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt}`
45	`gzip $FILE.tar`	45	`gzip $FILE.tar`
46	`echo "Le fichier des certificats exportés est : $FILE.tar.gz"`	46	`echo "Le fichier des certificats exportés est : $FILE.tar.gz"`
47	`} # end function export`	47	`} # end function export`
48		48
49		49
50	`function archive() {`	50	`function archive() {`
51	`# Sauvegarde de la pki actuelle`	51	`# Sauvegarde de la pki actuelle`
52	`[ -d $DIR_SAVE ] \|\| mkdir $DIR_SAVE`	52	`[ -d $DIR_SAVE ] \|\| mkdir $DIR_SAVE`
53		53
54	`# Save of CA Certificate`	54	`# Save of CA Certificate`
55	`cd $DIR_PKI/CA/`	55	`cd $DIR_PKI/CA/`
56	`cp alcasar-ca.crt $DIR_SAVE/.`	56	`cp alcasar-ca.crt $DIR_SAVE/.`
57	`cp private/alcasar-ca.key $DIR_SAVE/.`	57	`cp private/alcasar-ca.key $DIR_SAVE/.`
58		58
59	`# Save of server Certificate`	59	`# Save of server Certificate`
60	`cd $DIR_PKI/tls`	60	`cd $DIR_PKI/tls`
61	`cp certs/alcasar.crt $DIR_SAVE/.`	61	`cp certs/alcasar.crt $DIR_SAVE/.`
62	`cp private/alcasar.key $DIR_SAVE/.`	62	`cp private/alcasar.key $DIR_SAVE/.`
63	`cp certs/server-chain.crt $DIR_SAVE/.`	63	`cp certs/server-chain.crt $DIR_SAVE/.`
64	`} # end function archive`	64	`} # end function archive`
65		65
66	`function import() {`	66	`function import() {`
67	`echo "Would you like to Import New Certificates in ALCASAR ?"`	67	`echo "Would you like to Import New Certificates in ALCASAR ?"`
68	`read response`	68	`read response`
69	`if [ $response = "y" ] \|\| [ $response = "o" ] \|\| [ $response = "Y" ] \|\| [ $response = "O" ]`	69	`if [ $response = "y" ] \|\| [ $response = "o" ] \|\| [ $response = "Y" ] \|\| [ $response = "O" ]`
70	`then`	70	`then`
71	`[ -d $DIR_IMPORT ] \|\| mkdir $DIR_IMPORT`	71	`[ -d $DIR_IMPORT ] \|\| mkdir $DIR_IMPORT`
72	`rm -rf $DIR_IMPORT/*`	72	`rm -rf $DIR_IMPORT/*`
73		73
74	`# Import of CA Certificate`	74	`# Import of CA Certificate`
75	`tar xzvf $1 --directory=$DIR_IMPORT`	75	`tar xzvf $1 --directory=$DIR_IMPORT`
-		76
76	`cat $DIR_PKI/tls/private/alcasar.key $DIR_PKI/tls/certs/alcasar.crt > $DIR_PKI/tls/private/alcasar.pem`	77	`(cat $DIR_PKI/tls/private/alcasar.key; echo; cat $DIR_PKI/tls/certs/alcasar.crt) > $DIR_PKI/tls/private/alcasar.pem`
-		78
77	`echo "Import new certificates in ALCASAR !!!"`	79	`echo "Import new certificates in ALCASAR !!!"`
78	`cp -r $DIR_IMPORT/* /.`	80	`cp -r $DIR_IMPORT/* /.`
79	`chown root:apache $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}`	81	`chown root:apache $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}`
80	`chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.crt}`	82	`chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.crt}`
81		83
82	`chmod 750 $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}`	84	`chmod 750 $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}`
83	`chmod 750 $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.crt}`	85	`chmod 750 $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.crt}`
84		86
85	`service lighttpd restart`	87	`service lighttpd restart`
86	`else`	88	`else`
87	`echo "You are not import new certificates !!!"`	89	`echo "You are not import new certificates !!!"`
88	`exit 0`	90	`exit 0`
89	`fi`	91	`fi`
90	`} # end import`	92	`} # end import`
91		93
92	`# Core script`	94	`# Core script`
93	`case $args in`	95	`case $args in`
94	`-\? \| -h* \| --h*)`	96	`-\? \| -h* \| --h*)`
95	`echo "$usage"`	97	`echo "$usage"`
96	`exit 0`	98	`exit 0`
97	`;;`	99	`;;`
98	`--export \| -x)`	100	`--export \| -x)`
99	`archive`	101	`archive`
100	`certs_export`	102	`certs_export`
101	`;;`	103	`;;`
102	`--import \| -i)`	104	`--import \| -i)`
103	`nb_args=$#`	105	`nb_args=$#`
104	`if [ $nb_args -eq 1 ]`	106	`if [ $nb_args -eq 1 ]`
105	`then`	107	`then`
106	`echo "Il faut passer un fichier de certificat en paramètre !!!"`	108	`echo "Il faut passer un fichier de certificat en paramètre !!!"`
107	`exit 0`	109	`exit 0`
108	`fi`	110	`fi`
109	`import $2`	111	`import $2`
110	`;;`	112	`;;`
111	`*)`	113	`*)`
112	`echo "Unknown argument :$1";`	114	`echo "Unknown argument :$1";`
113	`echo "$usage"`	115	`echo "$usage"`
114	`exit 1`	116	`exit 1`
115	`;;`	117	`;;`
116	`esac`	118	`esac`
117	`exit 0`	119	`exit 0`
118		120
119		121

Subversion Repositories ALCASAR

(root)/scripts/alcasar-certificates.sh – Rev 2488 → 2554