Return to request_ssl_key.sh CVS log | Up to [LON-CAPA] / loncom |
- Ensure lonKey.pem file has correct owner.
1: #!/bin/bash 2: 3: MAILADDR=certificate@lon-capa.org # Email the cert request here. 4: DESTDIR=/home/httpd/lonCerts # Destination for the key file. 5: DESTUID=www # Who will own the private key. 6: DESTGROUP=www # Group that will own the private key. 7: 8: if [ $(whoami) != "$DESTUID" ] && [ $(whoami) != "root" ]; then 9: echo "This script needs to be run either as $DESTUID or root" 10: exit 11: fi 12: 13: if [ $(whoami) != "root" ] ; then 14: if [ -d "$DESTDIR" ] ; then 15: CURROWNER=`stat -c %U $DESTDIR` 16: if [ -L "$DESTDIR" ] ; then 17: echo "$DESTDIR is a symbolic link. You need to remove the link and (as root) create $DESTDIR as a directory owned by $DESTUID:$DESTGROUP." 18: exit 19: elif [ $CURROWNER != $DESTUID ] ; then 20: echo "$DESTUID is not the owner of $DESTDIR. As root you need to change ownership of this directory to $DESTUID:$DESTGROUP." 21: exit 22: fi 23: else 24: echo "You need to create a directory: $DESTDIR (as root) and then change ownership of this directory so it is owned by $DESTUID:$DESTGROUP." 25: exit 26: fi 27: fi 28: 29: openssl req -newkey rsa:1024 -passout pass:loncapa \ 30: -keyout lonKey.enc -keyform PEM \ 31: -out CertRequest.pem -outform PEM 32: 33: openssl rsa -passin pass:loncapa -in lonKey.enc -out lonKey.pem 34: 35: if [ $(pwd) != "$DESTDIR" ] ; then 36: if [ !-d "$DESTDIR" ] ; then 37: install -d -m 0750 -o $DESTUID -g $DESTGROUP $DESTDIR 38: fi 39: install -m 0400 -o $DESTUID -g $DESTGROUP lonKey.pem $DESTDIR 40: rm lonKey.pem 41: else 42: chmod 0400 lonKey.pem 43: CURROWNER=`stat -c %U lonKey.pem` 44: if [ $CURROWNER != $DESTUID ] ; then 45: chown $DESTUID:$DESTGROUP lonKey.pem 46: CURROWNER=`stat -c %U lonKey.pem` 47: if [ $CURROWNER != $DESTUID ] ; then 48: echo "$DESTUID is not the owner of $DESTDIR/lonKey.pem. As root you need to change ownership of this file to $DESTUID:$DESTGROUP." 49: fi 50: fi 51: fi 52: 53: rm lonKey.enc 54: 55: 56: mail <CertRequest.pem -s "Certificate Request" $MAILADDR 57: rm CertRequest.pem