File:
[LON-CAPA] /
loncom /
request_ssl_key.sh
Revision
1.2:
download - view:
text,
annotated -
select for diffs
Tue Jan 27 01:23:26 2009 UTC (15 years, 8 months ago) by
raeburn
Branches:
MAIN
CVS tags:
version_2_9_X,
version_2_9_99_0,
version_2_9_1,
version_2_9_0,
version_2_8_X,
version_2_8_99_1,
version_2_8_99_0,
version_2_8_2,
version_2_8_1,
version_2_11_1,
version_2_11_0_RC3,
version_2_11_0_RC2,
version_2_11_0_RC1,
version_2_11_0,
version_2_10_X,
version_2_10_1,
version_2_10_0_RC2,
version_2_10_0_RC1,
version_2_10_0,
loncapaMITrelate_1,
language_hyphenation_merge,
language_hyphenation,
bz6209-base,
bz6209,
bz5969,
bz2851,
PRINT_INCOMPLETE_base,
PRINT_INCOMPLETE,
HEAD,
GCI_3,
GCI_2,
GCI_1,
BZ5971-printing-apage,
BZ5434-fox,
BZ4492-merge,
BZ4492-feature_horizontal_radioresponse,
BZ4492-feature_Support_horizontal_radioresponse,
BZ4492-Support_horizontal_radioresponse
- Need to check for the existence (an ownership) of /home/httpd/lonCerts if run as www.
- If the script is actually run from within /home/httpd/lonCerts, lonKey.pem doesn't need to be copied (and shouldn't be removed).
1: #!/bin/bash
2:
3: MAILADDR=certificate@lon-capa.org # Email the cert request here.
4: DESTDIR=/home/httpd/lonCerts # Destination for the key file.
5: DESTUID=www # Who will own the private key.
6: DESTGROUP=www # Group that will own the private key.
7:
8: if [ $(whoami) != "$DESTUID" ] && [ $(whoami) != "root" ]; then
9: echo "This script needs to be run either as $DESTUID or root"
10: exit
11: fi
12:
13: if [ $(whoami) != "root" ] ; then
14: if [ -d "$DESTDIR" ] ; then
15: CURROWNER=`stat -c %U $DESTDIR`
16: if [ -L "$DESTDIR" ] ; then
17: echo "$DESTDIR is a symbolic link. You need to remove the link and (as root) create $DESTDIR as a directory owned by $DESTUID:$DESTGROUP."
18: exit
19: elif [ $CURROWNER != $DESTUID ] ; then
20: echo "$DESTUID is not the owner of $DESTDIR. As root you need to change ownership of this directory to $DESTUID:$DESTGROUP."
21: exit
22: fi
23: else
24: echo "You need to create a directory: $DESTDIR (as root) and then change ownership of this directory so it is owned by $DESTUID:$DESTGROUP."
25: exit
26: fi
27: fi
28:
29: openssl req -newkey rsa:1024 -passout pass:loncapa \
30: -keyout lonKey.enc -keyform PEM \
31: -out CertRequest.pem -outform PEM
32:
33: openssl rsa -passin pass:loncapa -in lonKey.enc -out lonKey.pem
34:
35: if [ $(pwd) != "$DESTDIR" ] ; then
36: if [ !-d "$DESTDIR" ] ; then
37: install -d -m 0750 -o $DESTUID -g $DESTGROUP $DESTDIR
38: fi
39: install -m 0400 -o $DESTUID -g $DESTGROUP lonKey.pem $DESTDIR
40: rm lonKey.pem
41: else
42: chmod 0400 lonKey.pem
43: fi
44:
45: rm lonKey.enc
46:
47:
48: mail <CertRequest.pem -s "Certificate Request" $MAILADDR
49: rm CertRequest.pem
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>