[ssl_mgmt] Only set ownership & rights if gen ok
Only set ownership and rights if the generated files are not corrupted and the certificate matches the private key.
parent
107a5327f4
commit
3a7e4edaeb
|
@ -299,8 +299,6 @@ generate_cert ()
|
||||||
openssl ca -batch -config $opensslCnfFile -cert $CACertPath \
|
openssl ca -batch -config $opensslCnfFile -cert $CACertPath \
|
||||||
-keyfile $CAKeyPath -passin file:$rootCAPwdPath \
|
-keyfile $CAKeyPath -passin file:$rootCAPwdPath \
|
||||||
-out $certSubdir/$certFile -infiles $csrSubdir/$reqFile
|
-out $certSubdir/$certFile -infiles $csrSubdir/$reqFile
|
||||||
getfacl "$certPath" | setfacl --set-file=- $certSubdir/$certFile
|
|
||||||
chown --reference="$certPath" $certSubdir/$certFile
|
|
||||||
|
|
||||||
# Safety check
|
# Safety check
|
||||||
if ! openssl x509 -noout -text -in $certSubdir/$certFile >/dev/null 2>&1 ||
|
if ! openssl x509 -noout -text -in $certSubdir/$certFile >/dev/null 2>&1 ||
|
||||||
|
@ -327,6 +325,8 @@ generate_cert ()
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Notify and install the new certificate
|
# Notify and install the new certificate
|
||||||
|
getfacl "$certPath" | setfacl --set-file=- $certSubdir/$certFile
|
||||||
|
chown --reference="$certPath" $certSubdir/$certFile
|
||||||
if [ -z "$no_overwrite" ]
|
if [ -z "$no_overwrite" ]
|
||||||
then
|
then
|
||||||
if [ ! -f "$certDestDir/$certFile" ]
|
if [ ! -f "$certDestDir/$certFile" ]
|
||||||
|
|
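Review bot: The two relocated lines in the second hunk, `getfacl "$certPath" | setfacl --set-file=- $certSubdir/$certFile` and `chown --reference="$certPath" $certSubdir/$certFile`, run with no status check, so a failure (for instance if `$certPath` does not exist yet, which the later `[ ! -f "$certDestDir/$certFile" ]` test suggests may be possible) lets the install step proceed with whatever ownership and ACL `openssl ca` left on the file. Unless `pipefail` is set elsewhere in the script, the pipeline also reports only `setfacl`'s status, so a failed `getfacl` goes unnoticed. I would quote the target path and stop on error, e.g. `chown --reference="$certPath" "$certSubdir/$certFile" || return 1`, and treat the `setfacl` pipeline the same way, using whatever failure path the safety check above already uses. `generate_cert` starts and ends outside the visible hunks, so its error convention is not visible here.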