#!/bin/sh
#
# import-dfn-pem.sh - copy a signed certificate into a server directory and
# build the per-service certificate/key bundles (courier, postfix, apache,
# idrac) from it.
#
# Usage: import-dfn-pem.sh <signed-cert.pem> <server-dir>
#
# <server-dir> must already contain server.key; the CA chain is read from
# ../chain/unitrier-ca-chain.pem relative to that directory.

# Stop at the first failing command so a half-built bundle is not silently
# followed by further steps.
set -o errexit
# Build the Courier bundle in ./courier from files in the current directory.
# Reads:  server.crt, server.key, ../chain/unitrier-ca-chain.pem
# Writes: courier/courier.pem (certificate followed by the private key),
#         courier/tls_trustcerts.txt (CA chain), courier/README
make_courier_cert() {
  mkdir -p courier

  # The bundle is created with mode 0600 first; the private key is only
  # appended afterwards, so it never sits in a file with wider permissions.
  install -m 0600 server.crt courier/courier.pem
  cat <server.key >>courier/courier.pem

  install -m 0600 ../chain/unitrier-ca-chain.pem courier/tls_trustcerts.txt

  printf '%s\n' \
    'Certs created based on:' \
    'http://www.digicert.com/ssl-certificate-installation-courier-imap.htm' \
    >courier/README
}
# Build the Postfix files in ./postfix from files in the current directory.
# Reads:  server.crt, server.key, ../chain/unitrier-ca-chain.pem
# Writes: postfix/server.pem (certificate followed by the CA chain),
#         postfix/server.key (private key, mode 0600), postfix/README
make_postfix_cert() {
  mkdir -p postfix

  # Server certificate first, CA chain appended after it.
  install -m 0600 server.crt postfix/server.pem
  cat <../chain/unitrier-ca-chain.pem >>postfix/server.pem

  # The key is kept in its own file, readable by the owner only.
  install -m 0600 server.key postfix/server.key

  printf '%s\n' \
    'Certs created based on:' \
    'http://www.postfix.org/TLS_README.html#server_cert_key' \
    >postfix/README
}
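# Build the iDRAC upload file in ./idrac from files in the current directory.
# Reads:  server.crt, server.key, ../chain/unitrier-ca-chain.pem
# Writes: idrac/server.key (mode 0600), idrac/finalcert.pem, idrac/README
# The intermediate files idrac/server.pem and idrac/all.p12 are removed again.
make_idrac_cert() {
  mkdir -p idrac

  # The key-handling steps run in a subshell so that the restrictive umask
  # and the exported PASS variable do not leak into the rest of the script.
  (
    # all.p12 and finalcert.pem are created by openssl itself, not by
    # install -m 0600, so their mode would otherwise follow the caller's
    # umask although both carry the private key.
    umask 077

    # PASS is intentionally empty: the exported key is therefore not
    # protected by a usable passphrase, and file permissions are the only
    # safeguard. NOTE(review): confirm the target device needs it this way.
    PASS=""
    export PASS

    install -m 0600 server.key idrac/server.key
    install -m 0600 server.crt idrac/server.pem
    cat ../chain/unitrier-ca-chain.pem >> idrac/server.pem

    # Round-trip through PKCS#12 to get certificate and key into one PEM.
    openssl pkcs12 -export -in idrac/server.pem -inkey idrac/server.key \
      -out idrac/all.p12 -clcerts \
      -passin env:PASS -passout env:PASS -password env:PASS
    openssl pkcs12 -in idrac/all.p12 -out idrac/finalcert.pem \
      -passin env:PASS -passout env:PASS

    # Drop the intermediates; all.p12 holds a copy of the private key.
    rm -f idrac/server.pem idrac/all.p12
  )

  cat > idrac/README <<'EOF'
Certs created based on:
https://redmine.uni-trier.de/projects/wlan/wiki/SSL-Zertifikate_f%C3%BCr_WLAN-Controller
http://serverfault.com/questions/485426/install-existing-ssl-certificate-on-dell-idrac7
EOF
}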
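# Build the Apache files in ./apache from files in the current directory.
# Reads:  server.crt, server.key, ../chain/unitrier-ca-chain.pem
# Writes: apache/server.crt, apache/chain.pem (CA chain),
#         apache/server.key (private key, mode 0600), apache/README
make_apache_cert() {
  mkdir -p apache
  install -m 0600 server.crt apache/server.crt

  # Overwrite rather than append: chain.pem is not recreated by install
  # first, so appending would add another copy of the chain on every run.
  cat ../chain/unitrier-ca-chain.pem > apache/chain.pem

  # The key is kept in its own file, readable by the owner only.
  install -m 0600 server.key apache/server.key

  cat > apache/README <<'EOF'
Certs created based on:
http://wiki.cacert.org/SimpleApacheCert
EOF
}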
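# $1: the signed certificate (PEM) to import.
SIGNED_CRT="$1"
if [ ! -f "$SIGNED_CRT" ]; then
  echo "need the dfn pem file as the first argument" >&2
  exit 1
fi

# $2: the server directory that receives server.crt and the bundles.
TARGET_DIR="$2"
if [ ! -d "$TARGET_DIR" ]; then
  echo "need the server directory as the second argument" >&2
  exit 1
fi

# Check the inputs the bundle functions read before anything is written, so
# a missing key or chain does not leave a partially built set of bundles.
if [ ! -f "${TARGET_DIR}/server.key" ]; then
  echo "missing private key: ${TARGET_DIR}/server.key" >&2
  exit 1
fi
if [ ! -f "${TARGET_DIR}/../chain/unitrier-ca-chain.pem" ]; then
  echo "missing CA chain: ${TARGET_DIR}/../chain/unitrier-ca-chain.pem" >&2
  exit 1
fi

# NOTE(review): nothing here verifies that the signed certificate belongs to
# server.key; consider comparing their public keys before building bundles.

# "--" keeps a path that starts with "-" from being read as an option.
install -m 0600 -- "$SIGNED_CRT" "${TARGET_DIR}/server.crt"

# generate various chains
# The bundle functions use paths relative to the server directory.
cd -- "$TARGET_DIR"

# generate cert for some of our apps
make_courier_cert
make_postfix_cert
make_apache_cert
make_idrac_cert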