Contents of /mcore-src/trunk/mcore-tools/src/update-certificate.in
Revision 2748 -
Fri Jan 29 12:32:15 2016 UTC (8 years, 7 months ago) by niro
File size: 1242 byte(s)
-use sha1 as signature algorithm to support sslsvd
1 | #!/bin/bash |
2 | |
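#######################################
# Report a fatal error and terminate the script.
# Arguments: $@ - words of the error message (joined with single spaces)
# Outputs:   "Error: <message>" on stderr, so the diagnostic is not mixed
#            into captured or piped stdout
# Returns:   never returns; exits the shell with status 1
#######################################
die() {
  # "$*" joins all arguments into one string for the single %s placeholder;
  # printf avoids echo's option/backslash handling of the message text.
  printf 'Error: %s\n' "$*" >&2
  exit 1
}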
4 | |
#######################################
# Print a short usage summary, then abort through die().
# Arguments: none
# Outputs:   usage text on stdout
# Returns:   does not return normally; die() ends the script.
# NOTE(review): nothing in the visible script calls usage(), and the final
# message mentions a certificate name although CERTNAME is fixed to "mcored"
# -- confirm whether this helper is still needed.
#######################################
usage() {
  printf '%s\n' \
    "Usage:" \
    " $0" \
    "" \
    "The environment variables \$SSLCONFIG and \$SSLDIR will be respected too." \
    ""
  die "No certificate name given!"
}
14 | |
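# Locations. $SSLDIR and $SSLCONFIG are taken from the environment when set;
# @@SSLDIR@@ is a template placeholder (presumably substituted when this .in
# file is processed at build time).
SSLDIR="${SSLDIR-@@SSLDIR@@}"
SSLCONFIG="${SSLCONFIG-${SSLDIR}/openssl.cnf}"
CERTDIR="${SSLDIR}/certs"
KEYDIR="${SSLDIR}/private"
CERTNAME="mcored"
CERTFILE="${CERTDIR}/${CERTNAME}.pem"
REQFILE="${CERTDIR}/${CERTNAME}.csr"
KEYFILE="${KEYDIR}/${CERTNAME}.key"

# Preconditions. Every path expansion is quoted so that an $SSLDIR containing
# whitespace or glob characters cannot be split into several arguments.
type -P openssl > /dev/null || die "openssl not found!"
[[ "$(id -u)" -eq 0 ]] || die "You must be root!"
[[ -d "${CERTDIR}" ]] || die "${CERTDIR} directory doesn't exist!"
[[ -d "${KEYDIR}" ]] || die "${KEYDIR} directory doesn't exist!"
# Refuse to replace an existing certificate; the operator has to move it away.
[[ ! -f "${CERTFILE}" ]] || die "${CERTFILE} already exists, won't overwrite! Please rename this file first."
# The existing private key is reused; only its presence is checked here, not
# its ownership or file mode.
[[ -f "${KEYFILE}" ]] || die "${KEYFILE} doesn't exist!"

# NOTE(review): -sha1 is kept on purpose -- the revision log says it is needed
# for sslsvd. SHA-1 certificate signatures are deprecated; switch both
# commands to -sha256 once every consumer of this certificate accepts it.

# create a new signing request
# Because of -x509, ${REQFILE} receives a self-signed certificate rather than
# a plain CSR, despite its .csr name.
openssl req -new -x509 -sha1 -nodes -config "${SSLCONFIG}" -key "${KEYFILE}" -out "${REQFILE}" || die "Certificate request failed!"
# generate the new certificate
# Re-signs with the same key (self-signed), valid for 365 days.
openssl x509 -sha1 -subject -fingerprint -in "${REQFILE}" -signkey "${KEYFILE}" -out "${CERTFILE}" -days 365 || die "Fingerprint failed!"
# verify the certificate
# The status of this last command becomes the script's exit status.
# NOTE(review): for a self-signed certificate, verification presumably
# succeeds only when the certificate is already in the trust store -- confirm
# what callers expect from this step.
openssl verify "${CERTFILE}"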