Fixed ssl
parent
186dd046f3
commit
c9394f845f
|
@ -58,20 +58,28 @@ if ! sudo chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" >>"${
|
|||
exit 7
|
||||
fi
|
||||
|
||||
# Generate CSR
|
||||
san="subjectAltName=DNS:${hostname}.${username}.${TLD},DNS:*.${hostname}.${username}.${TLD}"
|
||||
# Generate config
|
||||
san="subjectAltNames = DNS:${hostname}.${username}.${TLD},DNS:*.${hostname}.${username}.${TLD}"
|
||||
[ "${ipstring}" != "" ] && san="${san},${ipstring}"
|
||||
if ! sudo /usr/bin/openssl req -new -sha256 \
|
||||
if ! printf '%s\n' "${san}" | sudo cat '/etc/ssl/openssl.cnf' /dev/stdin \
|
||||
| sudo tee "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf"; then
|
||||
printf 'Failed to generate %s/%s/%s.cnf\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
exit 7
|
||||
fi
|
||||
sudo cat "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" >>"${LOGFILE}"
|
||||
|
||||
# Generate CSR
|
||||
if ! sudo /usr/bin/openssl req -new -sha256 -reqexts SAN \
|
||||
-key "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" \
|
||||
-out "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" \
|
||||
-config '/etc/ssl/openssl.cnf' \
|
||||
-addext "${san}" \
|
||||
-config "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf"
|
||||
-subj "/O=${SSL_ORG}/OU=${username}/CN=${hostname}.${username}.${TLD}" \
|
||||
>>"${LOGFILE}" 2>&1; then
|
||||
printf 'Failed to generate %s/%s/%s.csr\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
exit 7
|
||||
fi
|
||||
|
||||
|
||||
# Generate cert
|
||||
if ! sudo /usr/bin/openssl x509 -req -sha256 -extensions SAN -CAcreateserial \
|
||||
-extfile "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" \
|
||||
|
@ -91,6 +99,9 @@ fi; if ! sudo chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt";
|
|||
fi
|
||||
|
||||
# Remove old files
|
||||
sudo rm "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" 2>/dev/null || true
|
||||
if ! sudo rm "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" 2>/dev/null; then
|
||||
printf 'Failed to remove old SSL config files %s/%s/%s.cnf\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
exit 7
|
||||
fi
|
||||
|
||||
printf 'SSL certs for %s.%s.%s are ready\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
|
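Review bot: The `-config "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf"` argument in the "Generate CSR" command appears to have lost its trailing ` \`, so as shown the `openssl req` command ends there and the `-subj …` line is parsed as a separate command; add the backslash. The generated config also looks unusable with `-reqexts SAN` and `-extensions SAN`: only the `san` line is appended to `/etc/ssl/openssl.cnf`, with no `[SAN]` section header (unless the stock file happens to end in one), and the key is spelled `subjectAltNames` where OpenSSL expects `subjectAltName`. I would keep `san="subjectAltName=DNS:${hostname}.${username}.${TLD},DNS:*.${hostname}.${username}.${TLD}"` and emit it with `printf '[SAN]\n%s\n' "${san}"`. As far as this hunk shows, `hostname`, `username` and `ipstring` reach that config file unvalidated, so it is worth confirming that newlines and commas are rejected earlier in the script. The `openssl x509` command continues past the end of the hunk.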