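#! /usr/bin/env perl

# Copies server certificates to a target host, then reloads services there.
#
# Usage: copyCert hostname [certname]
#
# If called with one parameter (hostname), copies all .crt and .key files
# whose names start with hostname (i.e., hostname*.crt and hostname*.key).
# If certname is also given, copies only certname.crt and certname.key.
# For every certificate a combined .pem (crt followed by key) is built
# and copied as well.
#
# assumes root user on this system can connect to hostname as
# root.
#
# reloads service apache2 on hostname after copy.
#
# assumes crt and key files are in $serverCertDir

use strict;
use warnings;

use FindBin;
use File::Spec;
use Cwd 'abs_path';
use File::Basename;

my $binDir = dirname( abs_path( __FILE__ ) ) . '/';
my $config = $binDir . "makeCert.conf";

# These are filled in by the config file, which is evaluated below in this
# file's lexical scope (that is why they are declared before the eval).
my $configFile;    # prototype for the domain specific config file
my $caCRT;         # location of the CA crt file
my $caKey;         # location of the CA Key file
my $serverCertDir; # where to put the server certs
my $certDays;      # number of days a Server certificate is valid for, not used here
my $caDays;        # number of days a CA is good for
# The original referenced $sslConfig without declaring it, which is a compile
# error under 'use strict'. It is declared here so a config file that assigns
# it still loads; this script never uses openssl, so it is not checked.
# NOTE(review): presumably set by makeCert.conf for another script; confirm.
my $sslConfig;

# Run an external command without going through the local shell and die if
# it does not exit cleanly. List-form system() keeps host and file names from
# being interpreted as shell syntax on this machine.
sub runCommand {
   my @command = @_;
   system( @command ) == 0
      or die "Command failed (" . join( ' ', @command ) . "): exit status " . ( $? >> 8 ) . "\n";
   return;
}

# Build $base.pem from $base.crt followed by $base.key and return its path.
# The pem contains the private key, so a newly created file is made readable
# by its owner only; an already existing pem keeps its current mode.
sub makePem {
   my ( $base ) = @_;
   my $previousUmask = umask 0077;
   open my $pem, '>:raw', "$base.pem" or die "Can not write $base.pem: $!\n";
   umask $previousUmask;
   foreach my $part ( "$base.crt", "$base.key" ) {
      open my $in, '<:raw', $part or die "Can not read $part: $!\n";
      local $/;    # slurp the whole file
      my $data = <$in>;
      close $in;
      print {$pem} $data or die "Can not write $base.pem: $!\n";
   }
   close $pem or die "Can not write $base.pem: $!\n";
   return "$base.pem";
}

die "Config File $config not found\n" unless -f $config;

# load the config file
# NOTE(review): the config file is executed as Perl code with the privileges
# of this script (the header assumes root). It must be writable only by
# root. String eval is kept because the config assigns the lexical variables
# declared above, which 'do FILE' could not see.
my $configCode = do {
   open my $fh, '<', $config or die "Can not read $config: $!\n";
   local $/;
   <$fh>;
};
$configCode = '' unless defined $configCode;
eval $configCode;
die "Error loading $config: $@\n" if $@;

die "serverCertDir is not set in $config\n"
   unless defined $serverCertDir && length $serverCertDir;
# file names below are built by plain concatenation, so force a trailing slash
$serverCertDir .= '/' unless $serverCertDir =~ m{/\z};

my $targetDir = '/etc/certificates/';
# NOTE(review): chmod 644 leaves the private keys (*.key, *.pem) readable by
# every local user on the target. Left unchanged because other services there
# may depend on it; consider 600/640 for the key material.
my $remoteCommand = 'chmod 644 /etc/certificates/* && chown root:root /etc/certificates/* && service apache2 reload';
my $hostname = shift;
my $certname = shift;

die "Usage: $0 hostname [certname]\n" unless defined $hostname && length $hostname;
# hostname is handed to ssh/scp as an argument and used as a file name
# prefix: reject anything that could be read as an option or a path
die "Invalid hostname '$hostname'\n"
   unless $hostname =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/;
# certname is a bare file name inside $serverCertDir, never a path
die "Invalid certname '$certname'\n"
   if defined $certname && $certname =~ m{/};

# get list of all crt files (full path, without the extension) into @certBases
my @certBases;
if ( defined $certname && length $certname ) {
   die "Can not find $certname ending in .crt or .key\n"
      unless -f "$serverCertDir$certname.crt" && -f "$serverCertDir$certname.key";
   push @certBases, "$serverCertDir$certname";
} else {
   opendir my $dh, $serverCertDir or die "Can not find cert directory $serverCertDir: $!\n";
   # get all cert files whose name starts with the hostname
   foreach my $entry ( sort readdir( $dh ) ) {
      next unless $entry =~ /\A(\Q$hostname\E.*)\.crt\z/;
      push @certBases, "$serverCertDir$1";
   }
   closedir $dh;
}
die "No certificates found for $hostname in $serverCertDir\n" unless @certBases;

# make pem, create a list of all files to copy
my @filesToCopy;
foreach my $file ( @certBases ) {
   die "Can not find key file $file.key\n" unless -e "$file.key";
   my $pemFile = makePem( $file );
   push @filesToCopy, "$file.crt", "$file.key", $pemFile;
}

# ensure target directory exists on $hostname
runCommand( 'ssh', $hostname, "mkdir -p $targetDir" );
# copy the files; '--' keeps a file name from being parsed as an scp option
runCommand( 'scp', '--', @filesToCopy, "$hostname:$targetDir" );
# set permissions and reload services
runCommand( 'ssh', $hostname, $remoteCommand );

print "$hostname updated and web server restarted\n";

1;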