[ssl_mgmt] Set ownership and rights of keycert

master
Thomas Preud'homme 9 years ago
parent ccfdd24ff3
commit 519303988c

@ -285,6 +285,7 @@ generate_cert ()
certFile=${certPath##*/}
keyFile=${keyPath##*/}
keycertFile=${service}-keycert.pem
keycertPath=${keyPath%/*}/$keycertFile
# Create the CSR and the key
openssl req -new -nodes -out $csrSubdir/$reqFile -keyout $keySubdir/$keyFile -config $opensslCnfFile
@ -298,6 +299,7 @@ generate_cert ()
then
return 1
fi
# Sets ownership and access rights of the key
getfacl "$keyPath" | setfacl --set-file=- $keySubdir/$keyFile
chown --reference="$keyPath" $keySubdir/$keyFile
@ -306,8 +308,11 @@ generate_cert ()
-keyfile $CAKeyPath -passin file:$rootCAPwdPath \
-out $certSubdir/$certFile -infiles $csrSubdir/$reqFile
# Create the keycert file (file with merged key and certificate)
# Create the keycert file (file with merged key and certificate) and
# sets its ownership and access rights
cat $keySubdir/$keyFile $certSubdir/$certFile > $keySubdir/$keycertFile
getfacl "$keycertPath" | setfacl --set-file=- $keySubdir/$keycertFile
chown --reference="$keycertPath" $keySubdir/$keycertFile
# Safety check
if ! openssl x509 -noout -text -in $certSubdir/$certFile >/dev/null 2>&1 ||
@ -333,11 +338,9 @@ generate_cert ()
return 1
fi
# Sets ownership and rights of generated files
# Sets ownership and access rights of the certificate
getfacl "$certPath" | setfacl --set-file=- $certSubdir/$certFile
chown --reference="$certPath" $certSubdir/$certFile
getfacl "$keyPath" | setfacl --set-file=- $keySubdir/$keycertFile
chown --reference="$keyPath" $keySubdir/$keycertFile
# Notify and install the new certificate
if [ -z "$no_overwrite" ]
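Review bot: The keycert file contains the private key but is created by the `cat … > $keySubdir/$keycertFile` redirect under the process umask, so until the following `setfacl` runs it may be readable more widely than the key itself; whether a restrictive umask is set earlier in generate_cert is not visible in these hunks. Creating it in a subshell with a tight mask closes that window: `( umask 077; cat "$keySubdir/$keyFile" "$certSubdir/$certFile" > "$keySubdir/$keycertFile" )`. The status of `getfacl "$keycertPath" | setfacl --set-file=-` and of `chown --reference="$keycertPath"` is also not checked, so if `$keycertPath` does not exist yet the new file apparently keeps its default mode and generation carries on; adding `|| return 1` to both would match the `return 1` handling visible elsewhere in the function. generate_cert starts and ends outside the hunks shown.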

@ -0,0 +1,3 @@
chmod u+rwx ./destdir/private/foo-keycert.pem \
&& keyId= cnfFilePath=./ssl_mgmt.conf ../ssl_mgmt renew foo \
&& getfacl ./destdir/private/foo-keycert.pem | grep "user::rwx"
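Review bot: The new test asserts only the owner entry (`grep "user::rwx"`), so a renewal that leaves the keycert readable by group or others, or owned by the wrong user, would still pass. Since this file carries the private key, it would be worth capturing the `getfacl` output before the `renew` and comparing it with the output afterwards, which covers every ACL entry and the owner/group header lines. `grep -q` would also keep the matched line out of the test output, if the harness does not rely on it.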

@ -0,0 +1,2 @@
echo
echo "y"

@ -0,0 +1 @@
../restore_foo_fini

@ -0,0 +1 @@
../save_foo_init