loncom/request_ssl_key.sh - annotate

Return to request_ssl_key.sh CVS log
Up to [LON-CAPA] / loncom
Annotation of loncom/request_ssl_key.sh, revision 1.2

1.1       albertel    1: #!/bin/bash
                      2: 
                      3: MAILADDR=certificate@lon-capa.org	# Email the cert request here.
                      4: DESTDIR=/home/httpd/lonCerts			# Destination for the key file.
                      5: DESTUID=www			# Who will own the private key.
1.2     ! raeburn     6: DESTGROUP=www			# Group that will own the private key.
        !             7: 
        !             8: if [ $(whoami) != "$DESTUID" ] && [ $(whoami) != "root" ]; then
        !             9:     echo "This script needs to be run either as $DESTUID or root"
        !            10:     exit
        !            11: fi
        !            12: 
        !            13: if [ $(whoami) != "root" ] ; then
        !            14:     if [ -d "$DESTDIR" ] ; then
        !            15:         CURROWNER=`stat -c %U $DESTDIR`
        !            16:         if [ -L "$DESTDIR" ] ; then
        !            17:             echo "$DESTDIR is a symbolic link. You need to remove the link and (as root) create $DESTDIR as a directory owned by $DESTUID:$DESTGROUP."
        !            18:             exit
        !            19:         elif [ $CURROWNER != $DESTUID ] ; then
        !            20:             echo "$DESTUID is not the owner of $DESTDIR. As root you need to change ownership of this directory to $DESTUID:$DESTGROUP."
        !            21:             exit
        !            22:         fi
        !            23:     else
        !            24:         echo "You need to create a directory: $DESTDIR (as root) and then change ownership of this directory so it is owned by $DESTUID:$DESTGROUP."
        !            25:         exit
        !            26:     fi
        !            27: fi
1.1       albertel   28: 
                     29: openssl req -newkey rsa:1024 -passout pass:loncapa \
                     30:     -keyout lonKey.enc -keyform PEM  \
                     31:     -out    CertRequest.pem -outform PEM
                     32: 
                     33: openssl rsa -passin pass:loncapa -in lonKey.enc -out lonKey.pem
                     34: 
1.2     ! raeburn    35: if [ $(pwd) != "$DESTDIR" ] ; then
        !            36:     if [ !-d "$DESTDIR" ] ; then
        !            37:         install -d -m 0750 -o $DESTUID -g $DESTGROUP $DESTDIR
        !            38:     fi
        !            39:     install -m 0400 -o $DESTUID -g $DESTGROUP lonKey.pem $DESTDIR
        !            40:     rm lonKey.pem
        !            41: else
        !            42:     chmod 0400 lonKey.pem
        !            43: fi
        !            44: 
        !            45: rm lonKey.enc
        !            46: 
1.1       albertel   47: 
                     48: mail <CertRequest.pem -s "Certificate Request" $MAILADDR
                     49: rm CertRequest.pem
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>