Diffstat (limited to 'bin/deploy_cert.slapd.sh')
-rwxr-xr-x | bin/deploy_cert.slapd.sh | 78 |
1 files changed, 0 insertions, 78 deletions
diff --git a/bin/deploy_cert.slapd.sh b/bin/deploy_cert.slapd.sh
deleted file mode 100755
index e40060d..0000000
--- a/bin/deploy_cert.slapd.sh
+++ /dev/null 
@@ -1,78 +0,0 @@ -#!/bin/sh - -set -e - -#CA_FROM_INTERNET="TRUE" -CA_LINK_FILE_NAME="ca" -CA_CHAIN_NAME="cachain" -CERT_PATH="$(dirname ${CHAINFILE})" -CA_LINK_FILE="${CERT_PATH}/${CA_LINK_FILE_NAME}.pem" - -Ca_from_internet () -{ - echo "Downloading CA file from internet!" - - ISSUER_URL="$(openssl x509 -in "${CHAINFILE}" -noout -text | grep 'CA Issuers' | cut -d ':' -f 2-)" - TEMPDIR="$(mktemp -d /tmp/dehydrated-hook.XXXX)" - - wget --quiet "${ISSUER_URL}" -O "${TEMPDIR}/${CA_LINK_FILE_NAME}" - - if openssl x509 -in "${TEMPDIR}/${CA_LINK_FILE_NAME}" -text > /dev/null 2>&1 - then - echo "Root certificate format is text PEM" - /usr/bin/mv "${TEMPDIR}/${CA_LINK_FILE_NAME}" "${CA_LINK_FILE}.new" - elif openssl x509 -inform DER -in "${TEMPDIR}/${CA_LINK_FILE_NAME}" -text > /dev/null 2>&1 - then - echo "Root certificate format is binary DER" - openssl x509 -in "${TEMPDIR}/${CA_LINK_FILE_NAME}" -inform DER -out "${CA_LINK_FILE}.new" - elif openssl pkcs7 -inform der -in "${TEMPDIR}/${CA_LINK_FILE_NAME}" > /dev/null 2>&1 - then - echo "Root certificate format is binary pkcs7" - openssl pkcs7 -print_certs -inform der -in "${TEMPDIR}/${CA_LINK_FILE_NAME}" -out "${CA_LINK_FILE}.new" - elif openssl pkcs12 -in "${TEMPDIR}/${CA_LINK_FILE_NAME}" -info > /dev/null 2>&1 - then - echo "${0}: root certificate format is binary pkcs12" - echo "Error, root certificate is in unhandled format." >&2 - exit 1 - else - echo "${0}: error, root certificate is in unhandled format." >&2 - exit 1 - fi - - openssl verify -trusted "${CA_LINK_FILE}.new" -untrusted "${CHAINFILE}" "${CERTFILE}" 1> /dev/null - - CA_COMMON_NAME="$(openssl x509 -noout -subject -nameopt multiline -in "${CA_LINK_FILE}.new" | grep commonName | sed -n 's/ *commonName *= //p')" - CA_FILE="${CERT_PATH}/${CA_COMMON_NAME}.pem" - - mv "${CA_LINK_FILE}.new" "${CA_FILE}" - rm -rf "${TEMPDIR}" -} - -unset CA_FILE - -for FILE in $(find /etc/ssl/certs -not -name "????????.?" 
-not -name ca-certificates.crt) -do - if openssl verify -no-CApath -CAfile "${FILE}" "${CHAINFILE}" > /dev/null 2>&1 - then - CA_FILE="${FILE}" - break - fi -done - -if [ -z "${CA_FILE}" ] -then - echo "Could not find root CA on this system." - - if [ "${CA_FROM_INTERNET}" = "TRUE" ] - then - Ca_from_internet - else - exit 1 - fi -fi - -echo "Found trusted root CA file: ${CA_FILE}" -ln -sf "${CA_FILE}" "${CA_LINK_FILE}" -#cp "${CA_FILE}" "${CA_LINK_FILE}" -openssl verify -trusted "${CA_LINK_FILE}" -untrusted "${CHAINFILE}" "${CERTFILE}" 1> /dev/null -cat "${CA_LINK_FILE}" "${CHAINFILE}" "${CERTFILE}" > "${CERT_PATH}/${CA_CHAIN_NAME}.pem" |