[ssl_mgmt] Only set ownership & rights if gen ok
Only set ownership and rights if generated file are not corrupted and certificate match the private key.
This commit is contained in:
parent
107a5327f4
commit
3a7e4edaeb
|
@ -299,8 +299,6 @@ generate_cert ()
|
|||
openssl ca -batch -config $opensslCnfFile -cert $CACertPath \
|
||||
-keyfile $CAKeyPath -passin file:$rootCAPwdPath \
|
||||
-out $certSubdir/$certFile -infiles $csrSubdir/$reqFile
|
||||
getfacl "$certPath" | setfacl --set-file=- $certSubdir/$certFile
|
||||
chown --reference="$certPath" $certSubdir/$certFile
|
||||
|
||||
# Safety check
|
||||
if ! openssl x509 -noout -text -in $certSubdir/$certFile >/dev/null 2>&1 ||
|
||||
|
@ -327,6 +325,8 @@ generate_cert ()
|
|||
fi
|
||||
|
||||
# Notify and install the new certificate
|
||||
getfacl "$certPath" | setfacl --set-file=- $certSubdir/$certFile
|
||||
chown --reference="$certPath" $certSubdir/$certFile
|
||||
if [ -z "$no_overwrite" ]
|
||||
then
|
||||
if [ ! -f "$certDestDir/$certFile" ]
|
||||
|
|
Loading…
Reference in New Issue