|
30 |
# /usr/share/common-licenses/AGPL-3; if not, see |
30 |
# /usr/share/common-licenses/AGPL-3; if not, see |
31 |
# <http://www.gnu.org/licenses/>. |
31 |
# <http://www.gnu.org/licenses/>. |
32 |
|
32 |
|
33 |
force_recreate=0 |
33 |
recreate=false |
34 |
|
34 |
|
35 |
while [ "$#" -gt 0 ]; do |
35 |
while [ "$#" -gt 0 ]; do |
36 |
case $1 in |
36 |
case "$1" in |
37 |
--force-recreate) |
37 |
--force-recreate) |
38 |
force_recreate=1 |
38 |
recreate=true |
39 |
shift 1 |
39 |
shift 1 |
40 |
;; |
40 |
;; |
41 |
*) |
41 |
*) |
Lines 69-80
for var in "common" "locality" "organization" "country" "state" "organizationalu
|
|
---|
|
69 |
new="new_ssl_$var" |
69 |
new="new_ssl_$var" |
70 |
|
70 |
|
71 |
if [ -n "${!new}" -a "${!old}" != "${!new}" ]; then |
71 |
if [ -n "${!new}" -a "${!old}" != "${!new}" ]; then |
72 |
recreate="yes" |
72 |
recreate=true |
73 |
break |
73 |
break |
74 |
fi |
74 |
fi |
75 |
done |
75 |
done |
76 |
|
76 |
|
77 |
if [ "$recreate" = "yes" -o "$force_recreate" = "1" ]; then |
77 |
if "$recreate" |
|
|
78 |
then |
78 |
# remove old backup |
79 |
# remove old backup |
79 |
if [ -d /etc/univention/ssl.orig ]; then |
80 |
if [ -d /etc/univention/ssl.orig ]; then |
80 |
rm -rf /etc/univention/ssl.orig |
81 |
rm -rf /etc/univention/ssl.orig |
Lines 90-124
if [ "$recreate" = "yes" -o "$force_recreate" = "1" ]; then
|
|
---|
|
90 |
|
91 |
|
91 |
# set UCR variables |
92 |
# set UCR variables |
92 |
for var in "common" "locality" "organization" "country" "state" "organizationalunit" "email"; do |
93 |
for var in "common" "locality" "organization" "country" "state" "organizationalunit" "email"; do |
93 |
old="ssl_$var" |
|
|
94 |
new="new_ssl_$var" |
94 |
new="new_ssl_$var" |
95 |
if [ -n "${!new}" ]; then |
95 |
if [ -n "${!new}" ]; then |
96 |
univention-config-registry set "${old/_//}=${!new}" |
96 |
echo "ssl/$var=${!new}" |
97 |
fi |
97 |
fi |
98 |
done |
98 |
done | xargs -r -d'\n' univention-config-registry set |
99 |
|
99 |
|
100 |
# create new CA und certificates |
100 |
# create new CA und certificates |
101 |
. /usr/share/univention-ssl/make-certificates.sh |
101 |
. /usr/share/univention-ssl/make-certificates.sh |
102 |
init |
102 |
init |
103 |
( |
103 |
( |
104 |
cd /etc/univention/ssl.orig |
104 |
cd /etc/univention/ssl.orig |
105 |
for fqdn in *; do |
105 |
for fqdn in *.* |
|
|
106 |
do |
106 |
# just check directories for certificates |
107 |
# just check directories for certificates |
107 |
if [ ! -d "$fqdn" ]; then |
108 |
[ -d "$fqdn" ] || continue |
108 |
continue |
|
|
109 |
fi |
110 |
# ignore ucsCA and directory not containing a dot |
111 |
if [ "$fqdn" = "ucsCA" ] || ! echo "$fqdn" | grep '\.' &>/dev/null; then |
112 |
continue |
113 |
fi |
114 |
# if there is no certificate, ignore it |
109 |
# if there is no certificate, ignore it |
115 |
if [ ! -e "$fqdn/cert.pem" ]; then |
110 |
[ -e "$fqdn/cert.pem" ] || continue |
116 |
continue |
111 |
univention-certificate new -name "$fqdn" |
|
|
112 |
if [ "$fqdn" -ne "${fqdn%.$domainname}" ] |
113 |
then |
114 |
ln -sf "$fqdn" "/etc/univention/ssl/${fqdn%%.*}" |
117 |
fi |
115 |
fi |
118 |
# get the hostname |
|
|
119 |
host=$(echo $fqdn | sed 's/\([^.]*\)\..*/\1/') |
120 |
univention-certificate new -name $fqdn |
121 |
ln -sf /etc/univention/ssl/$host.$domainname /etc/univention/ssl/$host |
122 |
done |
116 |
done |
123 |
) |
117 |
) |
124 |
|
118 |
|
Lines 126-140
if [ "$recreate" = "yes" -o "$force_recreate" = "1" ]; then
|
|
---|
|
126 |
for file in cert.pem private.key; do |
120 |
for file in cert.pem private.key; do |
127 |
if [ -e "/var/lib/cyrus/$file" ] |
121 |
if [ -e "/var/lib/cyrus/$file" ] |
128 |
then |
122 |
then |
129 |
cp /etc/univention/ssl/$hostname.$domainname/$file /var/lib/cyrus/$file |
123 |
install -o cyrus -m 600 "/etc/univention/ssl/$hostname.$domainname/$file" "/var/lib/cyrus/$file" |
130 |
chown cyrus /var/lib/cyrus/$file |
|
|
131 |
chmod 600 /var/lib/cyrus/$file |
132 |
fi |
124 |
fi |
133 |
done |
125 |
done |
134 |
|
126 |
|
135 |
# restart services |
127 |
# restart services |
136 |
for service in slapd apache2 cyrus postfix; do |
128 |
for service in slapd apache2 cyrus postfix; do |
137 |
invoke-rc.d --quiet $service restart |
129 |
invoke-rc.d --quiet "$service" restart |
138 |
done |
130 |
done |
139 |
fi |
131 |
fi |
140 |
|
132 |
|