Index: base/univention-ssl/make-certificates.sh =================================================================== --- base/univention-ssl/make-certificates.sh (Revision 72885) +++ base/univention-ssl/make-certificates.sh (Arbeitskopie) @@ -357,6 +357,51 @@ ) } +renew_all_certs () { + local CYRUSBASE="/var/lib/cyrus" + local ADBASE="/var/www/univention-ad-connector" + local RADIUSBASE="/etc/freeradius/ssl" + + eval "$(ucr shell domainname ssl/default/days)" + + cp -a "$SSLBASE" "${SSLBASE}_$(date +%d%m%Y)" + + openssl x509 -in "$SSLBASE/$CA/CAcert.pem" -out "$SSLBASE/$CA/NewCAcert.pem" \ + -days "$ssl_default_days" -passin "file:$SSLBASE/password" \ + -signkey "$SSLBASE/$CA/private/CAkey.pem" + mv "$SSLBASE/$CA/NewCAcert.pem" "$SSLBASE/$CA/CAcert.pem" + + cd "$SSLBASE" + for fqdn in *."$domainname"; do + renew_cert "$fqdn" "$ssl_default_days" + done + + cp "$SSLBASE/$CA/CAcert.pem" /var/www/ucs-root-ca.crt + + /usr/sbin/univention-certificate-check-validity + + if [ -d "$CYRUSBASE" ]; then + cp "$SSLBASE/$(hostname -f)/cert.pem" "$CYRUSBASE" + cp "$SSLBASE/$(hostname -f)/private.key" "$CYRUSBASE" + chown cyrus:mail "$CYRUSBASE/cert.pem" + chown cyrus:mail "$CYRUSBASE/private.key" + fi + + if [ -d "$ADBASE" ]; then + cp "$SSLBASE/$(hostname -f)/cert.pem" "$ADBASE" + cp "$SSLBASE/$(hostname -f)/private.key" "$ADBASE" + chgrp www-data "$ADBASE/cert.pem" + chgrp www-data "$ADBASE/private.key" + fi + + if [ -d "$RADIUSBASE" ]; then + cp "$SSLBASE/$(hostname -f)/cert.pem" "$RADIUSBASE" + cp "$SSLBASE$(hostname -f)/private.key" "$RADIUSBASE" + chown root:freerad "$RADIUSBASE/cert.pem" + chown root:freerad "$RADIUSBASE/private.key" + fi +} + # Parameter 1: Name des CN dessen Zertifikat wiederufen werden soll revoke_cert () { Index: base/univention-ssl/univention-certificate =================================================================== --- base/univention-ssl/univention-certificate (Revision 72885) +++ base/univention-ssl/univention-certificate (Arbeitskopie) 
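Review bot: In the `$RADIUSBASE` block of renew_all_certs the key path is written `"$SSLBASE$(hostname -f)/private.key"`, without the `/` that every other line has, so unless SSLBASE ends in a slash that `cp` fails and the following `chown` is applied to whatever key was already in place while the certificate beside it is new; it should read `cp "$SSLBASE/$(hostname -f)/private.key" "$RADIUSBASE"`. All three service blocks also copy `private.key` with plain `cp`, so a newly created copy takes its mode from the umask and is only re-owned afterwards; `install -o root -g freerad -m 0640 "$SSLBASE/$(hostname -f)/private.key" "$RADIUSBASE/private.key"` (and the cyrus and www-data equivalents) would set owner, group and mode in one step. The exit status of `openssl x509` is not checked before `mv` replaces `CAcert.pem`, and nothing visible in the hunk enables `set -e`, so chaining them as `openssl x509 ... && mv ...` or adding `|| return 1` would keep a failed re-sign from overwriting the CA certificate.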
@@ -43,6 +43,7 @@ echo " new" echo " revoke" echo " renew" + echo " renew-all" echo " check" echo " dump" echo " list" @@ -81,6 +82,7 @@ new) command="$1" ;; revoke) command="$1" ;; renew) command="$1" ;; + renew-all) command="$1" name="DUMMY" ;; check) command="$1" ;; list) command="$1" name="DUMMY" ;; dump) command="$1" ;; @@ -123,6 +125,12 @@ renew_cert "$name" "$days" } +renew-all () { + run_only master exclusive + echo "Renew all certificates" + renew_all_certs +} + check () { local rv=0 run_only backup shared
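Review bot: The function added in the last hunk is named `renew-all`, which is not a valid function name in POSIX sh and is rejected by dash and by bash in POSIX mode; the interpreter line is outside the hunk, so this is safe only if the script always runs under bash. Defining it as `renew_all ()` and setting `command="renew_all"` in the `renew-all)` case arm would keep the CLI name without the hyphen, assuming the script dispatches by calling `$command` (the dispatch code is not shown). Unlike `renew`, which passes `"$days"` to `renew_cert`, this function forwards nothing, so a validity period given on the command line appears to be ignored in favour of `ssl/default/days`; that should be passed through or stated in the usage text. Because this one command re-signs the CA certificate and every host certificate, a header comment such as `# Re-sign the CA certificate and all host certificates; master only` would help the next reader.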