|
357 |
) |
357 |
) |
358 |
} |
358 |
} |
359 |
|
359 |
|
|
|
360 |
renew_all_certs () { |
361 |
local CYRUSBASE="/var/lib/cyrus" |
362 |
local ADBASE="/var/www/univention-ad-connector" |
363 |
local RADIUSBASE="/etc/freeradius/ssl" |
364 |
|
365 |
eval $(ucr shell domainname) |
366 |
eval $(ucr shell ssl/default/days) |
367 |
|
368 |
cp -a "$SSLBASE" "${SSLBASE}_$(date +%d%m%Y)" |
369 |
|
370 |
openssl x509 -in "$SSLBASE/$CA/CAcert.pem" -out "$SSLBASE/$CA/NewCAcert.pem" \ |
371 |
-days "$ssl_default_days" -passin "file:$SSLBASE/password" \ |
372 |
-signkey "$SSLBASE/$CA/private/CAkey.pem" |
373 |
mv "$SSLBASE/$CA/NewCAcert.pem" "$SSLBASE/$CA/CAcert.pem" |
374 |
|
375 |
cd "$SSLBASE" |
376 |
for fqdn in *."$domainname"; do |
377 |
renew_cert "$fqdn" "$ssl_default_days" |
378 |
done |
379 |
|
380 |
cp "$SSLBASE/$CA/CAcert.pem" /var/www/ucs-root-ca.crt |
381 |
|
382 |
/usr/sbin/univention-certificate-check-validity |
383 |
|
384 |
if [ -d "$CYRUSBASE" ]; then |
385 |
cp "$SSLBASE/$(hostname -f)/cert.pem" "$CYRUSBASE" |
386 |
cp "$SSLBASE/$(hostname -f)/private.key" "$CYRUSBASE" |
387 |
chown cyrus:mail "$CYRUSBASE/cert.pem" |
388 |
chown cyrus:mail "$CYRUSBASE/private.key" |
389 |
fi |
390 |
|
391 |
if [ -d "$ADBASE" ]; then |
392 |
cp "$SSLBASE/$(hostname -f)/cert.pem" "$ADBASE" |
393 |
cp "$SSLBASE/$(hostname -f)/private.key" "$ADBASE" |
394 |
chgrp www-data "$ADBASE/cert.pem" |
395 |
chgrp www-data "$ADBASE/private.key" |
396 |
fi |
397 |
|
398 |
if [ -d "$RADIUSBASE" ]; then |
399 |
cp "$SSLBASE/$(hostname -f)/cert.pem" "$RADIUSBASE" |
400 |
cp "$SSLBASE$(hostname -f)/private.key" "$RADIUSBASE" |
401 |
chown root:freerad "$RADIUSBASE/cert.pem" |
402 |
chown root:freerad "$RADIUSBASE/private.key" |
403 |
fi |
404 |
} |
405 |
|
360 |
# Parameter 1: Name des CN dessen Zertifikat wiederufen werden soll |
406 |
# Parameter 1: Name des CN dessen Zertifikat wiederufen werden soll |
361 |
|
407 |
|
362 |
revoke_cert () { |
408 |
revoke_cert () { |
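Review bot: In the RADIUS branch of renew_all_certs (new line 400) the key is copied from `"$SSLBASE$(hostname -f)/private.key"`, which lacks the `/` that the five sibling copies have. Unless SSLBASE ends in a slash (it is defined outside this hunk), that copy fails and FreeRADIUS keeps its old private.key next to the renewed cert.pem; the line should read `cp "$SSLBASE/$(hostname -f)/private.key" "$RADIUSBASE"`. The `mv` of NewCAcert.pem over CAcert.pem (new line 373) runs whether or not `openssl x509` succeeded, so a failed re-sign could replace the CA certificate with an empty or partial file; chain the two with `&&` or return on failure. The copied private.key files take their mode from the source file and the umask, and only ownership is adjusted afterwards, so setting the mode explicitly (for example `install -m 0640 -o root -g freerad` in place of `cp` plus `chown`) would keep the keys from ending up more readable than intended. The two `eval $(ucr shell ...)` calls are also unquoted; `eval "$(ucr shell domainname ssl/default/days)"` avoids word splitting of the generated assignments.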