[ssl_mgmt] Add option to avoid overwrite
This commit is contained in:
parent
9f7a2c6c06
commit
8deba57b8d
|
|
@ -30,7 +30,7 @@ usage ()
|
|||
progname=$1
|
||||
echo "Usage :"
|
||||
echo
|
||||
echo "$progname [-c] renew { <service> | <certificate file> }"
|
||||
echo "$progname [-c | -g] renew { <service> | <certificate file> }"
|
||||
echo "$progname -h"
|
||||
echo
|
||||
echo "First form renew the certificate specified as a file or a service name"
|
||||
|
|
@ -38,6 +38,8 @@ usage ()
|
|||
echo "Possible option:"
|
||||
echo
|
||||
echo "-c Only generate the configuration"
|
||||
echo "-g Stop after generating the certificate and keys: do not overwrite"
|
||||
echo " existing ones"
|
||||
echo
|
||||
echo "Second form prints this help."
|
||||
}
|
||||
|
|
@ -72,11 +74,14 @@ parse_args ()
|
|||
{
|
||||
local - user domain action
|
||||
config_only=""
|
||||
while getopts "ch" opt
|
||||
no_overwrite=""
|
||||
while getopts "cgh" opt
|
||||
do
|
||||
case $opt in
|
||||
"c")
|
||||
config_only=yes ;;
|
||||
"g")
|
||||
no_overwrite=yes ;;
|
||||
"h")
|
||||
if [ $# -gt 1 ]
|
||||
then
|
||||
|
|
@ -245,22 +250,28 @@ generate_cert ()
|
|||
return 1
|
||||
fi
|
||||
getfacl "$keyPath" | setfacl --set-file=- newkeys/$keyFile
|
||||
if [ ! -f "private/$keyFile" ]
|
||||
if [ -z "$no_overwrite" ]
|
||||
then
|
||||
echo -n "Error! No file named $keyFile in directory" >&2
|
||||
echo " $(readlink -f private):" >&2
|
||||
echo "there might be a problem" >&2
|
||||
if [ ! -f "private/$keyFile" ]
|
||||
then
|
||||
echo -n "Error! No file named $keyFile in directory" >&2
|
||||
echo " $(readlink -f private):" >&2
|
||||
echo "there might be a problem" >&2
|
||||
fi
|
||||
mv newkeys/$keyFile private
|
||||
fi
|
||||
mv newkeys/$keyFile private
|
||||
openssl ca -batch -out newcerts/$certFile -config $confFile -passin file:/root/passwords/root_ca -infiles csr/$reqFile
|
||||
getfacl "$certPath" | setfacl --set-file=- newcerts/$certFile
|
||||
if [ ! -f "certs/$certFile" ]
|
||||
if [ -z "$no_overwrite" ]
|
||||
then
|
||||
echo "No file named $certFile in directory" >&2
|
||||
echo " $(readlink -f certs):" >&2
|
||||
echo "there might be a problem" >&2
|
||||
if [ ! -f "certs/$certFile" ]
|
||||
then
|
||||
echo "No file named $certFile in directory" >&2
|
||||
echo " $(readlink -f certs):" >&2
|
||||
echo "there might be a problem" >&2
|
||||
fi
|
||||
mv newcerts/$certFile certs
|
||||
fi
|
||||
mv newcerts/$certFile certs
|
||||
cat private/$keyFile certs/$certFile > private/$keycertFile
|
||||
return 0
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue