2020-10-15 10:30:30 +00:00
|
|
|
#!/usr/bin/bash
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
FQDN=`hostname`
|
|
|
|
ssldotconf=/etc/httpd/conf.d/ssl.conf
|
|
|
|
|
|
|
|
if test -f /etc/pki/tls/certs/localhost.crt -a \
|
|
|
|
-f /etc/pki/tls/private/localhost.key; then
|
|
|
|
exit 0
|
|
|
|
fi
|
|
|
|
|
|
|
|
if test -f /etc/pki/tls/certs/localhost.crt -a \
|
|
|
|
! -f /etc/pki/tls/private/localhost.key; then
|
|
|
|
echo "Missing certificate key!"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
if test ! -f /etc/pki/tls/certs/localhost.crt -a \
|
|
|
|
-f /etc/pki/tls/private/localhost.key; then
|
|
|
|
echo "Missing certificate, but key is present!"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
if ! test -f ${ssldotconf} || \
|
|
|
|
! grep -q '^SSLCertificateFile /etc/pki/tls/certs/localhost.crt' ${ssldotconf} || \
|
|
|
|
! grep -q '^SSLCertificateKeyFile /etc/pki/tls/private/localhost.key' ${ssldotconf}; then
|
|
|
|
# Non-default configuration, do nothing.
|
|
|
|
exit 0
|
|
|
|
fi
|
|
|
|
|
|
|
|
sscg -q \
|
|
|
|
--cert-file /etc/pki/tls/certs/localhost.crt \
|
|
|
|
--cert-key-file /etc/pki/tls/private/localhost.key \
|
|
|
|
--ca-file /etc/pki/tls/certs/localhost.crt \
|
2023-01-24 09:24:39 +00:00
|
|
|
--dhparams-file /tmp/dhparams.pem \
|
2020-10-15 10:30:30 +00:00
|
|
|
--lifetime 365 \
|
|
|
|
--hostname $FQDN \
|
|
|
|
--email root@$FQDN
|
|
|
|
|