Annotation of loncom/request_ssl_key.sh, revision 1.4

1.1       albertel    1: #!/bin/bash
                      2: 
                      3: MAILADDR=certificate@lon-capa.org	# Email the cert request here.
                      4: DESTDIR=/home/httpd/lonCerts			# Destination for the key file.
                      5: DESTUID=www			# Who will own the private key.
1.2       raeburn     6: DESTGROUP=www			# Group that will own the private key.
                      7: 
                      8: if [ $(whoami) != "$DESTUID" ] && [ $(whoami) != "root" ]; then
                      9:     echo "This script needs to be run either as $DESTUID or root"
                     10:     exit
                     11: fi
                     12: 
                     13: if [ $(whoami) != "root" ] ; then
                     14:     if [ -d "$DESTDIR" ] ; then
                     15:         CURROWNER=`stat -c %U $DESTDIR`
                     16:         if [ -L "$DESTDIR" ] ; then
                     17:             echo "$DESTDIR is a symbolic link. You need to remove the link and (as root) create $DESTDIR as a directory owned by $DESTUID:$DESTGROUP."
                     18:             exit
                     19:         elif [ $CURROWNER != $DESTUID ] ; then
                     20:             echo "$DESTUID is not the owner of $DESTDIR. As root you need to change ownership of this directory to $DESTUID:$DESTGROUP."
                     21:             exit
                     22:         fi
                     23:     else
                     24:         echo "You need to create a directory: $DESTDIR (as root) and then change ownership of this directory so it is owned by $DESTUID:$DESTGROUP."
                     25:         exit
                     26:     fi
                     27: fi
1.1       albertel   28: 
1.4     ! raeburn    29: openssl req -newkey rsa:2048 -passout pass:loncapa \
1.1       albertel   30:     -keyout lonKey.enc -keyform PEM  \
                     31:     -out    CertRequest.pem -outform PEM
                     32: 
                     33: openssl rsa -passin pass:loncapa -in lonKey.enc -out lonKey.pem
                     34: 
1.2       raeburn    35: if [ $(pwd) != "$DESTDIR" ] ; then
                     36:     if [ !-d "$DESTDIR" ] ; then
                     37:         install -d -m 0750 -o $DESTUID -g $DESTGROUP $DESTDIR
                     38:     fi
                     39:     install -m 0400 -o $DESTUID -g $DESTGROUP lonKey.pem $DESTDIR
                     40:     rm lonKey.pem
                     41: else
                     42:     chmod 0400 lonKey.pem
1.3       raeburn    43:     CURROWNER=`stat -c %U lonKey.pem`
                     44:     if [ $CURROWNER != $DESTUID ] ; then
                     45:         chown $DESTUID:$DESTGROUP lonKey.pem
                     46:         CURROWNER=`stat -c %U lonKey.pem`
                     47:         if [ $CURROWNER != $DESTUID ] ; then
                     48:             echo "$DESTUID is not the owner of $DESTDIR/lonKey.pem. As root you need to change ownership of this file to $DESTUID:$DESTGROUP."
                     49:         fi
                     50:     fi
1.2       raeburn    51: fi
                     52: 
                     53: rm lonKey.enc
                     54: 
1.1       albertel   55: 
                     56: mail <CertRequest.pem -s "Certificate Request" $MAILADDR
                     57: rm CertRequest.pem

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>