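#!/bin/sh
# Sync the dehydrated-issued certificate material for this host into the
# directory slapd's TLS files live in, and restart slapd only when at least
# one file actually changed.
set -e

NAME="$(cat /etc/hostname)"
# NAME is interpolated into every path and into the glob at the end. An empty
# value would make that glob match every file in the directory, and a "/"
# would point the paths somewhere else entirely.
case "${NAME}" in
  '' | */*)
    printf '%s\n' "unusable hostname in /etc/hostname: '${NAME}'" >&2
    exit 1
    ;;
esac

DEHYDRATED_PATH="/srv/${NAME}/dehydrated/certs/${NAME}"
SLAPD_CERT_PATH="/etc/crypto/tls"
CA_CHAIN_NAME="cachain"

mkdir -p "${SLAPD_CERT_PATH}"

# Files created from here on start out owner-only, so a private key copied
# for the first time is never world-readable in the window before the
# chgrp/chmod below. (cp keeps the mode of a destination that already exists,
# so this matters for newly created files.) Set after mkdir so the mode of
# the directory itself is not affected.
umask 077

unset CHANGE

# sync_file SRC DST
# Copy SRC over DST when their contents differ or DST is missing, and record
# in CHANGE that something was updated. cmp failing on a missing SRC falls
# through to cp, which then fails and aborts the script via set -e.
sync_file() {
  if ! cmp -s "$1" "$2"; then
    /usr/bin/cp "$1" "$2"
    CHANGE=true
  fi
}

sync_file "${DEHYDRATED_PATH}/${CA_CHAIN_NAME}.pem" "${SLAPD_CERT_PATH}/${NAME}-${CA_CHAIN_NAME}.pem"
sync_file "${DEHYDRATED_PATH}/cert.pem" "${SLAPD_CERT_PATH}/${NAME}.pem"
sync_file "${DEHYDRATED_PATH}/privkey.pem" "${SLAPD_CERT_PATH}/${NAME}.key"
sync_file "${DEHYDRATED_PATH}/fullchain.pem" "${SLAPD_CERT_PATH}/${NAME}-fullchain.pem"

if [ -n "${CHANGE}" ]; then
  # Only the variable part is quoted; the trailing * must stay outside the
  # quotes to glob. The prefix match also covers any other file in this
  # directory whose name starts with NAME, as the original glob did.
  # Group first, then mode: group read is granted only once the group is
  # ssl-cert.
  chgrp ssl-cert "${SLAPD_CERT_PATH}/${NAME}"*
  chmod 0640 "${SLAPD_CERT_PATH}/${NAME}"*
  systemctl restart slapd.service
fi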