X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=apache%2Funfold-init-ssl.sh;fp=apache%2Funfold-init-ssl.sh;h=74c1c32a474f248117c4ee61198aafdc80ef1278;hb=e6184193b74ac6d5c52289546dae9121bdd99008;hp=0000000000000000000000000000000000000000;hpb=3167207804460a2c42e1e5a8346c597f9832d295;p=unfold.git
diff --git a/apache/unfold-init-ssl.sh b/apache/unfold-init-ssl.sh
new file mode 100755
index 00000000..74c1c32a
--- /dev/null
+++ b/apache/unfold-init-ssl.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+COMMAND=$(basename $0)
+
+# minimal script for initializing SSL material for myslice
+# you probably want to take care of this yourself instead,
+# but until somebody gets around to that apache will at least start up
+#
+trusted_roots=/etc/unfold/trusted_roots
+key=/etc/unfold/myslice.key
+cert=/etc/unfold/myslice.cert
+
+if [[ -n "$@" ]] ; then hostname=$1; shift; else hostname=$(hostname); fi
+
+function init_trusted_roots () {
+ if [ ! -d $trusted_roots ] ; then
+ echo "Creating empty" $trusted_roots
+ mkdir -p $trusted_roots
+ echo "You will wish to populate that with e.g. ple.gid or the like"
+ echo "Make sure to re-run this command $COMMAND if you add gids"
+ fi
+ ### c_rehash will consider only files ending in .pem or .crt
+ # so, we create symlinks from *.gid to *.pem
+ pushd $trusted_roots >& /dev/null
+ for gid in *.gid; do
+ base=$(basename $gid .gid)
+ pem=$base.pem
+ [ -f $pem ] && ln -s $gid $pem
+ done
+ ### invoke c_rehash
+ # on debian c_rehash comes with openssl
+ # on fedora this is part of openssl-perl
+ echo -n "Invoking c_rehash in $(pwd) .. "; c_rehash .
+ popd >& /dev/null
+}
+
+function init_server_cert () {
+ # both present : we have nothing to do
+ [ -f $key -a -f $cert ] && return
+ # exactly one present : we have a problem
+ [ -f $key -o -f $cert ] && { echo "server key or cert missing ?!?" ; return ; }
+ # create both
+ echo "Creating server key and cert for hostname ${hostname}"
+ openssl req -new -x509 -days 365 -set_serial $RANDOM -batch \
+ -subj "/CN=${hostname}" -nodes -keyout $key -out $cert
+}
+
+
+function main () {
+ init_trusted_roots
+ init_server_cert
+}
+
+main "$@"
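Review bot: The symlink test in init_trusted_roots is inverted: `[ -f $pem ] && ln -s $gid $pem` runs ln only when the .pem already exists, so no *.gid ever gets the .pem link that c_rehash needs and the trusted-roots directory is hashed without them; it should be `[ -e "$pem" ] || ln -s "$gid" "$pem"`, with a guard for the case where the glob matches nothing. The pushd before the loop is unchecked, so if it fails the loop and `c_rehash .` run in whatever directory the caller was in. In init_server_cert the private key is written unencrypted (`-nodes`) and, depending on the OpenSSL version, may take its mode from the ambient umask, and the exactly-one-file-present branch returns 0, so the caller cannot tell that setup failed. The fence below shows the changed lines of both functions.

```shell
  # … unchanged: creation of $trusted_roots and the hint messages …
  pushd "$trusted_roots" >& /dev/null || return 1
  for gid in *.gid; do
    [ -e "$gid" ] || continue   # glob matched nothing, skip the literal '*.gid'
    pem="$(basename "$gid" .gid).pem"
    [ -e "$pem" ] || ln -s "$gid" "$pem"
  done
  # … unchanged: c_rehash invocation and popd …

function init_server_cert () {
  # both present : we have nothing to do
  [ -f "$key" ] && [ -f "$cert" ] && return 0
  # exactly one present : report on stderr and fail so the caller notices
  if [ -f "$key" ] || [ -f "$cert" ]; then
    echo "server key or cert missing ?!?" >&2
    return 1
  fi
  echo "Creating server key and cert for hostname ${hostname}"
  # subshell keeps the tightened umask local to key generation
  ( umask 077
    openssl req -new -x509 -days 365 -set_serial $RANDOM -batch \
      -subj "/CN=${hostname}" -nodes -keyout "$key" -out "$cert" )
}
```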