File:  [LON-CAPA] / loncom / request_ssl_key.sh
Revision 1.2: download - view: text, annotated - select for diffs
Tue Jan 27 01:23:26 2009 UTC (13 years, 10 months ago) by raeburn
Branches: MAIN
CVS tags: version_2_9_X, version_2_9_99_0, version_2_9_1, version_2_9_0, version_2_8_X, version_2_8_99_1, version_2_8_99_0, version_2_8_2, version_2_8_1, version_2_11_1, version_2_11_0_RC3, version_2_11_0_RC2, version_2_11_0_RC1, version_2_11_0, version_2_10_X, version_2_10_1, version_2_10_0_RC2, version_2_10_0_RC1, version_2_10_0, loncapaMITrelate_1, language_hyphenation_merge, language_hyphenation, bz6209-base, bz6209, bz5969, bz2851, PRINT_INCOMPLETE_base, PRINT_INCOMPLETE, HEAD, GCI_3, GCI_2, GCI_1, BZ5971-printing-apage, BZ5434-fox, BZ4492-merge, BZ4492-feature_horizontal_radioresponse, BZ4492-feature_Support_horizontal_radioresponse, BZ4492-Support_horizontal_radioresponse
- Need to check for the existence (an ownership) of /home/httpd/lonCerts if run as www.
- If the script is actually run from within /home/httpd/lonCerts, lonKey.pem doesn't need to be copied (and shouldn't be removed).

    1: #!/bin/bash
    2: 
    3: MAILADDR=certificate@lon-capa.org	# Email the cert request here.
    4: DESTDIR=/home/httpd/lonCerts			# Destination for the key file.
    5: DESTUID=www			# Who will own the private key.
    6: DESTGROUP=www			# Group that will own the private key.
    7: 
    8: if [ $(whoami) != "$DESTUID" ] && [ $(whoami) != "root" ]; then
    9:     echo "This script needs to be run either as $DESTUID or root"
   10:     exit
   11: fi
   12: 
   13: if [ $(whoami) != "root" ] ; then
   14:     if [ -d "$DESTDIR" ] ; then
   15:         CURROWNER=`stat -c %U $DESTDIR`
   16:         if [ -L "$DESTDIR" ] ; then
   17:             echo "$DESTDIR is a symbolic link. You need to remove the link and (as root) create $DESTDIR as a directory owned by $DESTUID:$DESTGROUP."
   18:             exit
   19:         elif [ $CURROWNER != $DESTUID ] ; then
   20:             echo "$DESTUID is not the owner of $DESTDIR. As root you need to change ownership of this directory to $DESTUID:$DESTGROUP."
   21:             exit
   22:         fi
   23:     else
   24:         echo "You need to create a directory: $DESTDIR (as root) and then change ownership of this directory so it is owned by $DESTUID:$DESTGROUP."
   25:         exit
   26:     fi
   27: fi
   28: 
   29: openssl req -newkey rsa:1024 -passout pass:loncapa \
   30:     -keyout lonKey.enc -keyform PEM  \
   31:     -out    CertRequest.pem -outform PEM
   32: 
   33: openssl rsa -passin pass:loncapa -in lonKey.enc -out lonKey.pem
   34: 
   35: if [ $(pwd) != "$DESTDIR" ] ; then
   36:     if [ !-d "$DESTDIR" ] ; then
   37:         install -d -m 0750 -o $DESTUID -g $DESTGROUP $DESTDIR
   38:     fi
   39:     install -m 0400 -o $DESTUID -g $DESTGROUP lonKey.pem $DESTDIR
   40:     rm lonKey.pem
   41: else
   42:     chmod 0400 lonKey.pem
   43: fi
   44: 
   45: rm lonKey.enc
   46: 
   47: 
   48: mail <CertRequest.pem -s "Certificate Request" $MAILADDR
   49: rm CertRequest.pem

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>