Diffstat (limited to 'scripts/install-https')
-rwxr-xr-x | scripts/install-https | 33 |
1 files changed, 18 insertions, 15 deletions
diff --git a/scripts/install-https b/scripts/install-https
index 121fb0e..ecb1b0a 100755
--- a/scripts/install-https
+++ b/scripts/install-https
@@ -1,14 +1,15 @@
 #!/bin/bash
-declare -rg CERTFILE="/etc/lighttpd/server.pem"
-declare -rg CHAINFILE="/etc/lighttpd/chain.pem"
+declare -rg CERT_KEY_FILE="/etc/lighttpd/server.pem"
+declare -rg PUB_CERT_FILE="/etc/lighttpd/pub-cert.pem"
+declare -rg CHAIN_FILE="/etc/lighttpd/chain.pem"
 declare -rg REDIR_FLAG="/etc/lighttpd/redirect.flag"
 op_disable ()
 {
- [ -e "$CERTFILE" ] || exit 0
- rm -f -- "$CERTFILE" || exit 1
- rm -f -- "$CHAINFILE"
+ [ -e "$CERT_KEY_FILE" ] || exit 0
+ rm -f -- "$CERT_KEY_FILE" || exit 1
+ rm -f -- "$CHAIN_FILE"
 }
 op_test ()
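Review bot: op_disable removes `$CERT_KEY_FILE` and `$CHAIN_FILE` but not the `$PUB_CERT_FILE` this commit introduces, so a certificate exported by an earlier setup stays in /etc/lighttpd after HTTPS is disabled. Adding `rm -f -- "$PUB_CERT_FILE"` next to the chain removal keeps the three files in step. The early `[ -e "$CERT_KEY_FILE" ] || exit 0` also skips cleanup when only the key file is already gone, so the removal may belong before that check. What reads pub-cert.pem is not visible in this diff, so how much a stale copy matters depends on that consumer.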
@@ -40,31 +41,33 @@ op_import ()
 local CHAIN=$3
 [ -r "$K" ] || exit 2
 [ -r "$C" ] || exit 3
- rm -f -- "$CHAINFILE"
+ rm -f -- "$CHAIN_FILE"
 # Create server.pem
- cat "$C" "$K" > "$CERTFILE"
- chmod 0600 "$CERTFILE" || exit 4
+ cat "$C" "$K" > "$CERT_KEY_FILE"
+ chmod 0600 "$CERT_KEY_FILE" || exit 4
 rm -f -- "$C" "$K"
 # If we have a chainfile, try to use it aswell
 if [ -s "$CHAIN" ]; then
- openssl x509 -noout -hash -in "$CHAIN" >/dev/null 2>&1 && cp "$CHAIN" "$CHAINFILE"
+ openssl x509 -noout -hash -in "$CHAIN" >/dev/null 2>&1 && cp "$CHAIN" "$CHAIN_FILE"
 fi
- generate_dh
+ post_setup_hook
 return 0
 }
 op_random ()
 {
 [ -z "$1" ] && exit 1
- rm -f -- "$CHAINFILE"
- openssl req -x509 -new -newkey rsa:4096 -keyout "$CERTFILE" -out "$CERTFILE" -days 5000 -nodes -subj "/C=DE/ST=Nowhere/L=Springfield/O=bwLehrpool/CN=$1" || exit 2
- chmod 0600 "$CERTFILE" || exit 3
- generate_dh
+ rm -f -- "$CHAIN_FILE"
+ openssl req -x509 -new -newkey rsa:4096 -keyout "$CERT_KEY_FILE" -out "$CERT_KEY_FILE" -days 5000 -nodes -subj "/C=DE/ST=Nowhere/L=Springfield/O=bwLehrpool/CN=$1" || exit 2
+ chmod 0600 "$CERT_KEY_FILE" || exit 3
+ post_setup_hook
 return 0
 }
-generate_dh ()
+post_setup_hook ()
 {
+ rm -f -- "$PUB_CERT_FILE"
+ openssl x509 -outform pem -in "$CERT_KEY_FILE" -out "$PUB_CERT_FILE"
 local DHPARAM="/etc/lighttpd/dhparam.pem"
 if ! [ -s "$DHPARAM" ]; then
 echo "Generating DH parameters (this takes a while)..." |
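Review bot: In op_import the private key is written by `cat "$C" "$K" > "$CERT_KEY_FILE"` before `chmod 0600` runs, so when the file does not exist yet it is created with whatever mode the caller's umask allows, and the cat's own exit status goes unchecked. Scoping the umask to the write closes that window without affecting the public certificate: `( umask 077; cat "$C" "$K" > "$CERT_KEY_FILE" ) || exit 4`. Separately, post_setup_hook deletes `$PUB_CERT_FILE` and then ignores the result of the `openssl x509 -outform pem` export, while both callers `return 0` afterwards, so a failed export leaves no public certificate and still reports success. Ending that line with `|| return 1` and calling `post_setup_hook || exit 5` would surface the failure. op_import begins above this hunk and post_setup_hook continues past it.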