#!/bin/sh
# Id: $Id$
# alcasar-certificates.sh
# by Franck BOUIJOUX and REXY
# This script is distributed under the Gnu General Public License (GPL)
# Script permettant
# - d'exporter les certificats d'un serveur pour les transposer sur un autre.
# This script allows
# - export this server's certificates so that they can be moved to another server.
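# Fixed locations used by the script.
# DIR_EXPORT is not read by the code in this file; the export archive is
# written to /root by certs_export.
DIR_EXPORT="/root/Certificats"
DIR_PKI="/etc/pki"
DIR_SAVE="/root/PKI_SAVE"
DIR_IMPORT="/root/Certificats"

usage="Usage: alcasar-certificates.sh {--export or -x} | {--import or -i <FileOfCertificate.tar.gz>} "

# With no argument at all, behave as if -h had been given.
nb_args=$#
args=$1
if [ "$nb_args" -eq 0 ]; then
  nb_args=1
  args="-h"
fi

# Current date and time, used to name the export archive and the backup
# directory. %Y is the calendar year; the previous %G is the ISO week-based
# year, which differs from the calendar year on some days around 1 January
# and then produces a misleading timestamp.
NOW="$(date +%Y%m%d-%Hh%M)"
FILE="certificates-$NOW"
DIR_SAVE=$DIR_SAVE-$NOW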
# Function of export
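function certs_export() {
  # Pack the CA and server certificates and their private keys into
  # /root/$FILE.tar.gz.
  # Globals: FILE (read), DIR_PKI (read)
  # Returns: 0 on success, non-zero if cd, tar or gzip fails
  #
  # The archive holds the CA and server private keys unencrypted. It is
  # created under umask 077 so only root can read it. It should be moved to
  # the other server over a protected channel and deleted once imported.
  local old_umask rc

  # Without this check, a failed cd would leave the archive in whatever
  # directory the script was started from.
  cd /root || return 1

  old_umask=$(umask)
  umask 077

  # CA certificate and key first, then the server certificate, key and chain
  # appended to the same tar, then compression.
  tar cvf "$FILE.tar" "$DIR_PKI"/CA/{alcasar-ca.crt,private/alcasar-ca.key} &&
    tar rvf "$FILE.tar" "$DIR_PKI"/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.pem} &&
    gzip "$FILE.tar"
  rc=$?

  umask "$old_umask"
  [ "$rc" -eq 0 ] || return "$rc"

  echo "Le fichier des certificats exportés est : $FILE.tar.gz"
} # end function export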
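function archive() {
  # Save a copy of the current PKI (CA and server certificates and keys)
  # into $DIR_SAVE.
  # Globals: DIR_SAVE (read), DIR_PKI (read)
  # Returns: 0 if every file was copied, 1 otherwise
  #
  # The backup contains private keys, so the directory and the copies are
  # created under umask 077. Sources are given as full paths instead of
  # cd'ing into the PKI tree: with the previous unchecked cd, a missing
  # directory would have made cp read from the wrong place.
  local old_umask src rc=0

  old_umask=$(umask)
  umask 077

  if [ ! -d "$DIR_SAVE" ]; then
    mkdir "$DIR_SAVE" || {
      umask "$old_umask"
      return 1
    }
  fi

  # Best effort: try every file, and report failure at the end if any copy
  # did not succeed.
  for src in \
    "$DIR_PKI/CA/alcasar-ca.crt" \
    "$DIR_PKI/CA/private/alcasar-ca.key" \
    "$DIR_PKI/tls/certs/alcasar.crt" \
    "$DIR_PKI/tls/private/alcasar.key" \
    "$DIR_PKI/tls/certs/server-chain.pem"; do
    cp -- "$src" "$DIR_SAVE/." || rc=1
  done

  umask "$old_umask"
  return "$rc"
} # end function archive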
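function import() {
  # Install the certificates and keys from an archive made by --export,
  # after interactive confirmation, then restart lighttpd.
  # Globals:   DIR_IMPORT (read), DIR_PKI (read)
  # Arguments: $1 - path to the .tar.gz archive
  # Exits:     0 if the user declines, 1 on any error
  #
  # Differences from the previous version:
  #  - Only the five files that --export writes are extracted and installed.
  #    The previous `cp -r $DIR_IMPORT/* /.` copied the whole extracted tree
  #    onto /, so any other path in the archive was written as root.
  #  - alcasar.pem is rebuilt after the new key and certificate are in place.
  #    It used to be built before the copy, from the old key and certificate.
  #  - Expansions are quoted, and an empty answer no longer makes `[` fail.
  #
  # NOTE(review): the current PKI is not backed up here; the dispatcher calls
  # archive only for --export. Consider saving it before overwriting.
  local archive_file=$1
  local response member listing
  local rel_pki=${DIR_PKI#/}
  # Member names as stored by `tar cvf` on export (leading "/" stripped).
  local -a wanted=(
    "$rel_pki/CA/alcasar-ca.crt"
    "$rel_pki/CA/private/alcasar-ca.key"
    "$rel_pki/tls/certs/alcasar.crt"
    "$rel_pki/tls/private/alcasar.key"
    "$rel_pki/tls/certs/server-chain.pem"
  )
  local -a present=()

  echo "Would you like to Import New Certificates in ALCASAR ?"
  read -r response
  case "$response" in
    y | o | Y | O) ;;
    *)
      echo "You are not import new certificates !!!"
      exit 0
      ;;
  esac

  if [ ! -f "$archive_file" ]; then
    echo "Certificate archive not found: $archive_file" >&2
    exit 1
  fi

  # Key material is handled from here on: keep new files private to root
  # until the explicit chown/chmod below.
  umask 077

  # Listing the archive first catches a corrupt file before anything is
  # touched, and tells us which of the expected members it contains.
  if ! listing=$(tar tzf "$archive_file"); then
    echo "Cannot read certificate archive: $archive_file" >&2
    exit 1
  fi
  for member in "${wanted[@]}"; do
    if printf '%s\n' "$listing" | grep -qxF -- "$member"; then
      present+=("$member")
    fi
  done
  if [ "${#present[@]}" -eq 0 ]; then
    echo "No ALCASAR certificate file found in: $archive_file" >&2
    exit 1
  fi

  [ -d "$DIR_IMPORT" ] || mkdir "$DIR_IMPORT" || exit 1
  # NOTE(review): this empties DIR_IMPORT, so an archive stored inside that
  # directory is deleted before extraction; keep the archive elsewhere.
  rm -rf -- "${DIR_IMPORT:?}"/*

  # Extract only the expected members into the staging directory.
  tar xzvf "$archive_file" --directory="$DIR_IMPORT" "${present[@]}" || exit 1

  # Check everything before installing anything, so a bad archive does not
  # leave a half-updated PKI. Symlinks and non-regular files are refused.
  for member in "${present[@]}"; do
    if [ -L "$DIR_IMPORT/$member" ] || [ ! -f "$DIR_IMPORT/$member" ]; then
      echo "Refusing $member: not a regular file" >&2
      exit 1
    fi
  done

  echo "Import new certificates in ALCASAR !!!"
  for member in "${present[@]}"; do
    cp -- "$DIR_IMPORT/$member" "/$member" || exit 1
  done

  # Key + certificate bundle, built from the files that were just installed.
  (
    cat "$DIR_PKI/tls/private/alcasar.key"
    echo
    cat "$DIR_PKI/tls/certs/alcasar.crt"
  ) > "$DIR_PKI/tls/private/alcasar.pem" || exit 1

  chown root:apache "$DIR_PKI"/CA/{alcasar-ca.crt,private/alcasar-ca.key}
  chown root:apache "$DIR_PKI"/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.pem}

  # NOTE(review): mode 750 sets the execute bit on key and certificate files
  # and lets group apache read the CA private key. Confirm whether 640
  # (or 600 for the CA key) is enough.
  chmod 750 "$DIR_PKI"/CA/{alcasar-ca.crt,private/alcasar-ca.key}
  chmod 750 "$DIR_PKI"/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.pem}

  service lighttpd restart
} # end import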
# Core script
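# Dispatch on the first argument ("-h" was substituted earlier when the
# script is called without arguments).
case "$args" in
  -\? | -h* | --h*)
    echo "$usage"
    exit 0
    ;;
  --export | -x)
    # Back up the current PKI, then build the export archive.
    archive
    certs_export || exit 1
    ;;
  --import | -i)
    nb_args=$#
    if [ "$nb_args" -eq 1 ]; then
      echo "Il faut passer un fichier de certificat en paramètre !!!"
      # A missing argument is a usage error, so report failure to the
      # caller, as the unknown-argument arm below does.
      exit 1
    fi
    # Quoted so that an archive path containing spaces reaches import as
    # one argument.
    import "$2"
    ;;
  *)
    echo "Unknown argument :$1"
    echo "$usage"
    exit 1
    ;;
esac
exit 0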