Subversion Repositories ALCASAR

Rev 2262 Rev 2454
Line 4... Line 4...
4
 
4
 
5
# alcasar-certificates.sh
5
# alcasar-certificates.sh
6
# by Franck BOUIJOUX and REXY
6
# by Franck BOUIJOUX and REXY
7
# This script is distributed under the Gnu General Public License (GPL)
7
# This script is distributed under the Gnu General Public License (GPL)
8
 
8
 
9
# Script permettant 
9
# Script permettant
10
#	- d'exporter les certificats d'un serveur pour les transposer sur un autre.
10
#	- d'exporter les certificats d'un serveur pour les transposer sur un autre.
11
 
11
 
12
# This script allows 
12
# This script allows
13
#	- export certificates server to move them.
13
#	- export certificates server to move them.
14
 
14
 
15
 
15
 
16
DIR_EXPORT="/root/Certificats"
16
DIR_EXPORT="/root/Certificats"
17
DIR_PKI="/etc/pki"
17
DIR_PKI="/etc/pki"
Line 28... Line 28...
28
	nb_args=1
28
	nb_args=1
29
	args="-h"
29
	args="-h"
30
fi
30
fi
31
 
31
 
32
 
32
 
33
NOW="$(date +%G%m%d-%Hh%M)"  		# date et heure du moment
33
NOW="$(date +%G%m%d-%Hh%M)"		# date et heure du moment
34
FILE="certificates-$NOW"
34
FILE="certificates-$NOW"
35
DIR_SAVE=$DIR_SAVE-$NOW
35
DIR_SAVE=$DIR_SAVE-$NOW
36
 
36
 
37
# Function of export 
37
# Function of export
38
function certs_export() {
38
function certs_export() {
39
	#  Export of CA Certificate 
39
	#  Export of CA Certificate
40
	cd /root
40
	cd /root
41
	tar cvf $FILE.tar  $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
41
	tar cvf $FILE.tar $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
42
 
42
 
43
	#  Export of server Certificate 
43
	#  Export of server Certificate
44
	tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt} 
44
	tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt}
45
	gzip $FILE.tar 
45
	gzip $FILE.tar
46
	echo "Le ficher des certificats exportés est : $FILE.tar.gz"
46
	echo "Le ficher des certificats exportés est : $FILE.tar.gz"
47
} # end function export
47
} # end function export
48
 
48
 
49
 
49
 
50
function archive() {
50
function archive() {
51
	# Sauvegarde de la pki actuelle
51
	# Sauvegarde de la pki actuelle
52
	[ -d $DIR_SAVE ] || mkdir $DIR_SAVE
52
	[ -d $DIR_SAVE ] || mkdir $DIR_SAVE
53
 
53
 
54
	#  Save of CA Certificate 
54
	#  Save of CA Certificate
55
	cd $DIR_PKI/CA/
55
	cd $DIR_PKI/CA/
56
	cp alcasar-ca.crt $DIR_SAVE/. 
56
	cp alcasar-ca.crt $DIR_SAVE/.
57
	cp private/alcasar-ca.key $DIR_SAVE/. 
57
	cp private/alcasar-ca.key $DIR_SAVE/.
58
 
58
 
59
	#  Save of server Certificate 
59
	#  Save of server Certificate
60
	cd $DIR_PKI/tls
60
	cd $DIR_PKI/tls
61
	cp certs/alcasar.crt $DIR_SAVE/. 
61
	cp certs/alcasar.crt $DIR_SAVE/.
62
	cp private/alcasar.key $DIR_SAVE/. 
62
	cp private/alcasar.key $DIR_SAVE/.
63
	cp certs/server-chain.crt $DIR_SAVE/. 
63
	cp certs/server-chain.crt $DIR_SAVE/.
64
} # end function archive
64
} # end function archive
65
 
65
 
66
function import() {
66
function import() {
67
	echo "Would you like to Import New Certificates in ALCASAR ?"
67
	echo "Would you like to Import New Certificates in ALCASAR ?"
68
	read response
68
	read response
69
	if [ $response = "y" ] || [ $response = "o" ] || [ $response = "Y" ] || [ $response = "O" ]
69
	if [ $response = "y" ] || [ $response = "o" ] || [ $response = "Y" ] || [ $response = "O" ]
70
	then
70
	then
71
		[ -d $DIR_IMPORT ] || mkdir $DIR_IMPORT
71
		[ -d $DIR_IMPORT ] || mkdir $DIR_IMPORT
72
		rm -rf $DIR_IMPORT/*
72
		rm -rf $DIR_IMPORT/*
73
 
73
 
74
		#  Import of CA Certificate 
74
		#  Import of CA Certificate
75
		tar xzvf $1 --directory=$DIR_IMPORT
75
		tar xzvf $1 --directory=$DIR_IMPORT
76
		echo "Import new certificates in ALCASAR !!!"
76
		echo "Import new certificates in ALCASAR !!!"
77
		cp -r $DIR_IMPORT/* /.
77
		cp -r $DIR_IMPORT/* /.
78
		chown root:apache $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
78
		chown root:apache $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
79
		chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt}
79
		chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt}
80
 
80
 
81
		# Service apache restart
81
		# Service apache restart
82
		service httpd restart
82
		service httpd restart
83
	else 
83
	else
84
	      echo "You are not import new certificates !!!"
84
		echo "You are not import new certificates !!!"
85
	      exit 0
85
		exit 0
86
	fi
86
	fi
87
} # end import
87
} # end import
88
 
88
 
89
#  Core script
89
#  Core script
90
case $args in
90
case $args in
Line 99... Line 99...
99
	--import | -i)
99
	--import | -i)
100
		nb_args=$#
100
		nb_args=$#
101
		if [ $nb_args -eq 1 ]
101
		if [ $nb_args -eq 1 ]
102
		then
102
		then
103
			echo "Il faut passer un fichier de certificat en paramètre !!!"
103
			echo "Il faut passer un fichier de certificat en paramètre !!!"
104
			exit 0 
104
			exit 0
105
		fi
105
		fi
106
		import $2
106
		import $2
107
		;;
107
		;;
108
	*)
108
	*)
109
		echo "Unknown argument :$1";
109
		echo "Unknown argument :$1";