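--- a/base/univention-ssl/make-certificates.sh
+++ b/base/univention-ssl/make-certificates.sh
@@ -357,6 +357,51 @@
 	)
 }
 
+renew_all_certs () {
+	local CYRUSBASE="/var/lib/cyrus"
+	local ADBASE="/var/www/univention-ad-connector"
+	local RADIUSBASE="/etc/freeradius/ssl"
+
+	eval "$(ucr shell domainname ssl/default/days)"
+
+	cp -a "$SSLBASE" "${SSLBASE}_$(date +%d%m%Y)"
+
+	openssl x509 -in "$SSLBASE/$CA/CAcert.pem" -out "$SSLBASE/$CA/NewCAcert.pem" \
+		-days "$ssl_default_days" -passin "file:$SSLBASE/password" \
+		-signkey "$SSLBASE/$CA/private/CAkey.pem"
+	mv "$SSLBASE/$CA/NewCAcert.pem" "$SSLBASE/$CA/CAcert.pem"
+
+	cd "$SSLBASE"
+	for fqdn in *."$domainname"; do
+		renew_cert "$fqdn" "$ssl_default_days"
+	done
+
+	cp "$SSLBASE/$CA/CAcert.pem" /var/www/ucs-root-ca.crt
+
+	/usr/sbin/univention-certificate-check-validity
+
+	if [ -d "$CYRUSBASE" ]; then
+		cp "$SSLBASE/$(hostname -f)/cert.pem" "$CYRUSBASE"
+		cp "$SSLBASE/$(hostname -f)/private.key" "$CYRUSBASE"
+		chown cyrus:mail "$CYRUSBASE/cert.pem"
+		chown cyrus:mail "$CYRUSBASE/private.key"
+	fi
+
+	if [ -d "$ADBASE" ]; then
+		cp "$SSLBASE/$(hostname -f)/cert.pem" "$ADBASE"
+		cp "$SSLBASE/$(hostname -f)/private.key" "$ADBASE"
+		chgrp www-data "$ADBASE/cert.pem"
+		chgrp www-data "$ADBASE/private.key"
+	fi
+
+	if [ -d "$RADIUSBASE" ]; then
+		cp "$SSLBASE/$(hostname -f)/cert.pem" "$RADIUSBASE"
+		cp "$SSLBASE$(hostname -f)/private.key" "$RADIUSBASE"
+		chown root:freerad "$RADIUSBASE/cert.pem"
+		chown root:freerad "$RADIUSBASE/private.key"
+	fi
+}
+
 # Parameter 1: Name des CN dessen Zertifikat wiederufen werden soll
 
 revoke_cert () {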
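Review bot: The FreeRADIUS key copy on new line 399 builds its source path as `"$SSLBASE$(hostname -f)/private.key"`, with no `/` between the base directory and the host name. Unless `SSLBASE` ends in a slash, that `cp` fails and the following `chown` runs on whatever `private.key` already exists in `$RADIUSBASE`, so the renewed `cert.pem` may sit next to a key that was not copied in this run. It should match the Cyrus and AD connector blocks: `cp "$SSLBASE/$(hostname -f)/private.key" "$RADIUSBASE"`. Separately, the result of `openssl x509` on new lines 369-371 is not checked before `mv` replaces `CAcert.pem`; ending the openssl command with `|| return 1` would keep a failed re-sign from overwriting the CA certificate.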
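--- a/base/univention-ssl/univention-certificate
+++ b/base/univention-ssl/univention-certificate
@@ -43,6 +43,7 @@
 	echo "        new"
 	echo "        revoke"
 	echo "        renew"
+	echo "        renew-all"
 	echo "        check"
 	echo "        dump"
 	echo "        list"
@@ -81,6 +82,7 @@
 	new) command="$1" ;;
 	revoke) command="$1" ;;
 	renew) command="$1" ;;
+	renew-all) command="$1" name="DUMMY" ;;
 	check) command="$1" ;;
 	list) command="$1" name="DUMMY" ;;
 	dump) command="$1" ;;
@@ -123,6 +125,12 @@
 		renew_cert "$name" "$days"
 }
 
+renew-all () {
+		run_only master exclusive
+		echo "Renew all certificates"
+		renew_all_certs
+}
+
 check () {
 		local rv=0
 		run_only backup shared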
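Review bot: The function added at new line 128 is named `renew-all`, and a hyphen is not valid in a POSIX function name. Bash accepts it outside POSIX mode but dash rejects the definition, so whether this works depends on the script's interpreter, which is not visible in these hunks. If the script may run under `/bin/sh`, name it `renew_all () {` and map the subcommand in the case arm with `renew-all) command="renew_all" name="DUMMY" ;;`, assuming the dispatcher (not shown) calls `$command` as a function. A comment above the function such as `# Re-signs the root CA certificate and renews every *.$domainname host certificate` would also help, since the usage text lists only the bare subcommand name.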
