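#!/bin/sh
#
# Generate a self-signed server key and certificate with openssl, install
# them under $SSLDIR/ssl/{ssl.key,ssl.crt}, point the SSLCertificateFile /
# SSLCertificateKeyFile directives in $SSLCONF at them (keeping a
# timestamped backup of the conf file) and restart httpd.
#
# Must be run as root.  Everything the script depends on is a variable at
# the top so it can be adjusted in one place.  Only POSIX sh constructs are
# used, so the #!/bin/sh shebang is honest.

set -eu

SSLCONF="/usr/local/apache2/conf/ssl.conf"
# In apache 2 the ssl directives are handled separately in ssl.conf.
# With apache 1.3x point this at your httpd.conf instead:
# SSLCONF="/usr/local/apache/conf/httpd.conf"

SSLDIR="/usr/local/apache/conf"
# A directory structure is created under here so the server certificate
# and the private key do not get mixed up:
# /path/to/conf/ssl
#		/ssl.crt <-- server certificate in here
#		/ssl.key <-- private key in here

SSLPREFIX=$(hostname)
# By default the key and cert are named after the host; it helps to identify them.

OPENSSL=$(command -v openssl 2> /dev/null || true)
# Path to the openssl binary.  If it is not on $PATH either set it here,
# e.g. OPENSSL="/usr/local/ssl/bin/openssl", or leave it empty and the
# script will prompt for it.

KEYBITS=2048
# RSA modulus size for the new key.  The old hard-coded 1024 is rejected by
# current clients; 2048 is the usual floor.

CERTDAYS=365
# Validity of the self-signed certificate; the openssl default is only one month.

HTTPDCMD="/etc/rc.d/init.d/httpd restart"
# Command to restart the httpd daemon; adjust to taste.

# Print a message to stderr and exit 1.  Every error path uses this so a
# caller can tell failure from success (the old script exited 0 on errors).
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Will the real "root" please stand up?  $UID is a bash variable and is
# unset under many /bin/sh implementations, so ask id(1) instead.
if [ "$(id -u)" -eq 0 ]; then
  echo "Root OK"
else
  die "You are just an ordinary user (you must be root to run this script)."
fi

echo "Enter the path and filename to your apache"
printf '%s' "ssl conf file [ default  $SSLCONF ] : "
read -r GETSSLCONF || GETSSLCONF=
# An empty answer keeps the default.  (The old test looked at $SSLCONF
# instead of the answer, so whatever was typed was silently ignored.)
SSLCONF=${GETSSLCONF:-$SSLCONF}
if [ ! -f "$SSLCONF" ]; then
  die "This file [ $SSLCONF ] does not exist please rerun and type in correct location"
fi
# The sed edit at the end only rewrites *uncommented* directives, so refuse
# to modify a conf file that lacks them instead of silently changing nothing.
if ! grep -q '^SSLCertificateFile' "$SSLCONF" || ! grep -q '^SSLCertificateKeyFile' "$SSLCONF"; then
  die "[ $SSLCONF ] has no uncommented SSLCertificateFile / SSLCertificateKeyFile lines; uncomment them and rerun"
fi
echo "$SSLCONF"

echo "Enter the path you want to place the..."
printf '%s' "ssl/ssl.crt and ssl/ssl.key dirs in [ default $SSLDIR ] : "
read -r GETSSLDIR || GETSSLDIR=
SSLDIR=${GETSSLDIR:-$SSLDIR}
if [ ! -d "$SSLDIR" ]; then
  die "this directory [ $SSLDIR ] doesn't exist please rerun script and put a correct entry in"
fi
echo "$SSLDIR"
# From here on everything is created private (umask 077): the key, the work
# directory and the temporary copy of the conf are never world-readable, even
# briefly, rather than relying on a chmod after the fact.
umask 077
mkdir -p "$SSLDIR/ssl/ssl.crt" "$SSLDIR/ssl/ssl.key"

# Ask for openssl if it was not found on the path.  The answer is used
# directly as the command; the old script appended the binary's own path to
# $PATH and then still ran a bare "openssl", which could not work.
if [ -z "$OPENSSL" ]; then
  printf '%s' "Please enter the path to the openssl binary: "
  read -r OPENSSL || OPENSSL=
  # Accept either the binary itself or the directory that holds it.
  if [ -d "$OPENSSL" ]; then
    OPENSSL="$OPENSSL/openssl"
  fi
fi
if [ ! -x "$OPENSSL" ]; then
  die "Incorrect Path Please restart script and enter correct path to openssl"
fi

# Work directory for the new key, CSR and cert.  Only the files this script
# produces are removed: the old "cd certmake; rm -rf *" would have emptied
# $HOME if the cd failed.
WORKDIR="$HOME/certmake"
echo "making key directory"
mkdir -p "$WORKDIR"
cd "$WORKDIR" || die "cannot cd to $WORKDIR"
rm -f -- "$SSLPREFIX.key" "$SSLPREFIX.csr" "$SSLPREFIX.crt"
"$OPENSSL" genrsa -out "$SSLPREFIX.key" "$KEYBITS"
"$OPENSSL" req -new -key "$SSLPREFIX.key" -out "$SSLPREFIX.csr"
# Make sure you have -days and a big number of them because the default is one month.
"$OPENSSL" req -x509 -sha256 -key "$SSLPREFIX.key" -in "$SSLPREFIX.csr" -out "$SSLPREFIX.crt" -days "$CERTDAYS"
cp "$SSLPREFIX.key" "$SSLDIR/ssl/ssl.key/ssl.key"
cp "$SSLPREFIX.crt" "$SSLDIR/ssl/ssl.crt/ssl.crt"
echo "$SSLDIR/ssl/"
# Directories need the execute bit to be traversed, so a recursive
# "chmod 400" on the tree was wrong: directories get 700, files stay 400
# (readable by root only, as before).
find "$SSLDIR/ssl" -type d -exec chmod 700 {} +
find "$SSLDIR/ssl" -type f -exec chmod 400 {} +

CRTCONFIG="$SSLDIR/ssl/ssl.crt/ssl.crt"
KEYCONFIG="$SSLDIR/ssl/ssl.key/ssl.key"
# Backup copy of the conf.  A fixed-format timestamp is used because the
# bare output of date(1) contains spaces and colons.
cp "$SSLCONF" "$SSLCONF.$(date +%Y%m%d%H%M%S).ca-install-BACKUP"
# mktemp rather than the predictable /tmp/configtmp$$: this runs as root,
# and a symlink pre-placed at a guessable name would redirect the write.
CONFIGTMP=$(mktemp "${TMPDIR:-/tmp}/configtmp.XXXXXX") || die "mktemp failed"
trap 'rm -f -- "$CONFIGTMP"' EXIT
# Normally sed uses s/regexp/replacement/, but because the CRT & KEY paths
# contain / we use ";" as the delimiter (so $SSLDIR must not contain ";").
# Both substitutions run in one pass; the result is written back *over* the
# existing conf so its owner and mode are preserved.
sed -e "s;^SSLCertificateFile.*;SSLCertificateFile $CRTCONFIG;" \
    -e "s;^SSLCertificateKeyFile.*;SSLCertificateKeyFile $KEYCONFIG;" \
    "$SSLCONF" > "$CONFIGTMP"
cat "$CONFIGTMP" > "$SSLCONF"
# Intentionally unquoted: HTTPDCMD is a command followed by its arguments.
# shellcheck disable=SC2086
$HTTPDCMD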
