[ssl_mgmt] Add option to avoid overwrite
parent
9f7a2c6c06
commit
8deba57b8d
|
@ -30,7 +30,7 @@ usage ()
|
||||||
progname=$1
|
progname=$1
|
||||||
echo "Usage :"
|
echo "Usage :"
|
||||||
echo
|
echo
|
||||||
echo "$progname [-c] renew { <service> | <certificate file> }"
|
echo "$progname [-c | -g] renew { <service> | <certificate file> }"
|
||||||
echo "$progname -h"
|
echo "$progname -h"
|
||||||
echo
|
echo
|
||||||
echo "First form renew the certificate specified as a file or a service name"
|
echo "First form renew the certificate specified as a file or a service name"
|
||||||
|
@ -38,6 +38,8 @@ usage ()
|
||||||
echo "Possible option:"
|
echo "Possible option:"
|
||||||
echo
|
echo
|
||||||
echo "-c Only generate the configuration"
|
echo "-c Only generate the configuration"
|
||||||
|
echo "-g Stop after generating the certificate and keys: do not overwrite"
|
||||||
|
echo " existing ones"
|
||||||
echo
|
echo
|
||||||
echo "Second form prints this help."
|
echo "Second form prints this help."
|
||||||
}
|
}
|
||||||
|
@ -72,11 +74,14 @@ parse_args ()
|
||||||
{
|
{
|
||||||
local - user domain action
|
local - user domain action
|
||||||
config_only=""
|
config_only=""
|
||||||
while getopts "ch" opt
|
no_overwrite=""
|
||||||
|
while getopts "cgh" opt
|
||||||
do
|
do
|
||||||
case $opt in
|
case $opt in
|
||||||
"c")
|
"c")
|
||||||
config_only=yes ;;
|
config_only=yes ;;
|
||||||
|
"g")
|
||||||
|
no_overwrite=yes ;;
|
||||||
"h")
|
"h")
|
||||||
if [ $# -gt 1 ]
|
if [ $# -gt 1 ]
|
||||||
then
|
then
|
||||||
|
@ -245,22 +250,28 @@ generate_cert ()
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
getfacl "$keyPath" | setfacl --set-file=- newkeys/$keyFile
|
getfacl "$keyPath" | setfacl --set-file=- newkeys/$keyFile
|
||||||
if [ ! -f "private/$keyFile" ]
|
if [ -z "$no_overwrite" ]
|
||||||
then
|
then
|
||||||
echo -n "Error! No file named $keyFile in directory" >&2
|
if [ ! -f "private/$keyFile" ]
|
||||||
echo " $(readlink -f private):" >&2
|
then
|
||||||
echo "there might be a problem" >&2
|
echo -n "Error! No file named $keyFile in directory" >&2
|
||||||
|
echo " $(readlink -f private):" >&2
|
||||||
|
echo "there might be a problem" >&2
|
||||||
|
fi
|
||||||
|
mv newkeys/$keyFile private
|
||||||
fi
|
fi
|
||||||
mv newkeys/$keyFile private
|
|
||||||
openssl ca -batch -out newcerts/$certFile -config $confFile -passin file:/root/passwords/root_ca -infiles csr/$reqFile
|
openssl ca -batch -out newcerts/$certFile -config $confFile -passin file:/root/passwords/root_ca -infiles csr/$reqFile
|
||||||
getfacl "$certPath" | setfacl --set-file=- newcerts/$certFile
|
getfacl "$certPath" | setfacl --set-file=- newcerts/$certFile
|
||||||
if [ ! -f "certs/$certFile" ]
|
if [ -z "$no_overwrite" ]
|
||||||
then
|
then
|
||||||
echo "No file named $certFile in directory" >&2
|
if [ ! -f "certs/$certFile" ]
|
||||||
echo " $(readlink -f certs):" >&2
|
then
|
||||||
echo "there might be a problem" >&2
|
echo "No file named $certFile in directory" >&2
|
||||||
|
echo " $(readlink -f certs):" >&2
|
||||||
|
echo "there might be a problem" >&2
|
||||||
|
fi
|
||||||
|
mv newcerts/$certFile certs
|
||||||
fi
|
fi
|
||||||
mv newcerts/$certFile certs
|
|
||||||
cat private/$keyFile certs/$certFile > private/$keycertFile
|
cat private/$keyFile certs/$certFile > private/$keycertFile
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
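Review bot: In the last hunk (generate_cert), the closing `cat private/$keyFile certs/$certFile > private/$keycertFile` still runs when `-g` is given, so the combined key-and-certificate file is truncated and rewritten even though both `mv` steps are skipped, which contradicts the "do not overwrite existing ones" promise in the new usage text. With `-g` it is rebuilt from the old key and certificate, and if either of those is missing the redirect leaves an empty or partial `private/$keycertFile`, presumably the file a service actually loads. Put it under the same guard, for example `[ -n "$no_overwrite" ] || cat private/$keyFile certs/$certFile > private/$keycertFile`. The usage line presents `-c | -g` as alternatives, but nothing visible in the parse_args hunk rejects both being passed together, so that is worth confirming in the part of the loop outside the hunk. generate_cert begins above this hunk, so any earlier writes into `private/` or `certs/` cannot be checked from here.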