1 |
#!/bin/bash
|
1 |
#!/bin/sh
|
2 |
# $Id: alcasar-CA.sh 672 2011-07-08 15:34:22Z richard $
|
2 |
# $Id: alcasar-CA.sh 675 2011-07-18 21:24:19Z richard $
|
3 |
|
3 |
|
4 |
# alcasar-CA.sh
|
4 |
# alcasar-CA.sh
|
5 |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
|
5 |
# by Franck BOUIJOUX, Pascal LEVANT and Richard REY
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
7 |
|
7 |
#
|
8 |
# Création de la PKI et des certificats ALCASAR - Plusieurs idées ont été récupéées dans le script "nessus-mkcert" de Renaud Deraison et Michel Arboi
|
8 |
# Some ideas from "nessus-mkcert" script written by Renaud Deraison <deraison@cvs.nessus.org>
|
9 |
# Creation of the ALCASAR PKI and certificates - Some ideas are from "nessus-mkcert" script written by Renaud Deraison and Michel Arboi
|
9 |
# and Michel Arboi <arboi@alussinan.org>
|
10 |
|
10 |
#
|
11 |
DIR_TMP=${TMPDIR-/tmp}/alcasar-mkcert.$$
|
11 |
DIR_TMP=${TMPDIR-/tmp}/alcasar-mkcert.$$
|
12 |
DIR_PKI=/etc/pki
|
12 |
DIR_PKI=/etc/pki
|
13 |
DIR_CERT=$DIR_PKI/tls
|
13 |
DIR_CERT=$DIR_PKI/tls
|
14 |
DIR_WEB=/var/www/html
|
14 |
DIR_WEB=/var/www/html
|
15 |
CACERT=$DIR_PKI/CA/alcasar-ca.crt
|
15 |
CACERT=$DIR_PKI/CA/alcasar-ca.crt
|
16 |
CAKEY=$DIR_PKI/CA/private/alcasar-ca.key
|
16 |
CAKEY=$DIR_PKI/CA/private/alcasar-ca.key
|
17 |
SRVCERT=$DIR_CERT/certs/alcasar.crt
|
- |
|
18 |
SRVKEY=$DIR_CERT/private/alcasar.key
|
- |
|
19 |
SRVREQ=$DIR_CERT/alcasar.req
|
17 |
SRVREQ=$DIR_CERT/alcasar.req
|
- |
|
18 |
SRVKEY=$DIR_CERT/private/alcasar.key
|
- |
|
19 |
SRVCERT=$DIR_CERT/certs/alcasar.crt
|
- |
|
20 |
SRVCHAIN=$DIR_CERT/certs/server-chain.crt
|
20 |
|
21 |
|
21 |
CACERT_LIFETIME="1460"
|
22 |
CACERT_LIFETIME="1460"
|
22 |
SRVCERT_LIFETIME="1460"
|
23 |
SRVCERT_LIFETIME="1460"
|
23 |
COUNTRY="FR"
|
24 |
COUNTRY="FR"
|
24 |
PROVINCE="none"
|
25 |
PROVINCE="none"
|
214 |
# Sign the server certificate "request" to create server certificate
|
215 |
# Sign the server certificate "request" to create server certificate
|
215 |
rm -f $SRVCERT
|
216 |
rm -f $SRVCERT
|
216 |
echo "*********SRVCERT*********" >> $DIR_TMP/openssl-log
|
217 |
echo "*********SRVCERT*********" >> $DIR_TMP/openssl-log
|
217 |
openssl ca -config $DIR_TMP/ssl.conf -name AlcasarCA -batch -days $SRVCERT_LIFETIME -in $SRVREQ -out $SRVCERT 2>> $DIR_TMP/openssl-log
|
218 |
openssl ca -config $DIR_TMP/ssl.conf -name AlcasarCA -batch -days $SRVCERT_LIFETIME -in $SRVREQ -out $SRVCERT 2>> $DIR_TMP/openssl-log
|
218 |
rm -f $SRVREQ
|
219 |
rm -f $SRVREQ
|
- |
|
220 |
cp -f $SRVCERT $SRVCHAIN # in order to simplify the official intranet certificate import process
|
219 |
chmod a+r $CACERT $SRVCERT
|
221 |
chmod a+r $CACERT $SRVCERT $SRVCHAIN
|
220 |
|
222 |
|
- |
|
223 |
# Link certs in ALCASAR Control Center
|
221 |
if [ -s "$CACERT" -a -s "$CAKEY" -a -s "$SRVCERT" -a -s "$SRVKEY" ];
|
224 |
if [ -s "$CACERT" -a -s "$CAKEY" -a -s "$SRVCERT" -a -s "$SRVKEY" ];
|
222 |
then
|
225 |
then
|
223 |
[ -d $DIR_WEB/certs ] || mkdir -p $DIR_WEB/certs
|
226 |
[ -d $DIR_WEB/certs ] || mkdir -p $DIR_WEB/certs
|
224 |
rm -f $DIR_WEB/certs/*
|
227 |
rm -f $DIR_WEB/certs/*
|
225 |
ln -s $CACERT $DIR_WEB/certs/certificat_alcasar_ca.crt
|
228 |
ln -s $CACERT $DIR_WEB/certs/certificat_alcasar_ca.crt
|