#! /usr/bin/env perl
# copies server certificates to target, then restarts services
# If called with one parameter (hostname), will copy all .crt
# and .key files matching hostname (i.e., hostname*.crt and
# hostname*.key). If a second parameter (certname) is given,
# only certname.crt and certname.key are copied.
#
# assumes root user on this system can connect to hostname as
# root.
#
# restarts service apache2 on hostname after copy.
#
# assumes crt and key files are in $serverCertDir
use strict;
use warnings;
use FindBin;
use File::Spec;
use Cwd 'abs_path';
use File::Basename;
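# Directory this script lives in (with trailing slash); the config file is
# expected to sit next to the script.
my $binDir = dirname( abs_path( __FILE__ ) ) . '/';
my $config = $binDir . "makeCert.conf";
# The variables below are declared here so that the config file, which is
# evaluated as Perl in this scope, can assign to them (presumably without
# "my" -- verify against makeCert.conf).
my $configFile; # prototype for the domain specific config file
my $caCRT; # location of the CA crt file
my $caKey; # location of the CA Key file
my $serverCertDir; # where to put the server certs
my $certDays; # number of days a Server certificate is valid for, not used here
my $caDays; # number of days a CA is good for
die "Config File $config not found\n" unless -f $config;
#die "openssl config file $sslConfig not found\n" unless -f $sslConfig;
# load the config file
# NOTE(review): the config file is executed as Perl code with the privileges
# of whoever runs this script (root, per the header). It must be owned by
# root and not writable by anyone else. A string eval is kept because the
# file has to assign to the lexical variables above; a data-only format
# (key=value) parsed by hand would remove the code-execution path entirely.
# The file is read with open() rather than `cat` so that the path never
# passes through a shell.
open my $configHandle, '<', $config
    or die "Can not read config file $config: $!\n";
my $configText = do { local $/; <$configHandle> };
close $configHandle;
$configText = '' unless defined $configText;
eval $configText;
# a config file that fails to parse must not be ignored: the rest of the
# script would run with undefined paths
die "Error loading config file $config: $@\n" if $@;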
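# Run an external command in list form (no local shell involved) and die
# if it can not be started or exits non-zero.
sub runCommand {
    my @command = @_;
    my $status = system( @command );
    return if $status == 0;
    die "Could not run $command[0]: $!\n" if $status == -1;
    die "Command failed (wait status $status): @command\n";
}

# Concatenate $base.crt and $base.key into $base.pem. The pem contains the
# private key, so it is created readable by its owner only.
sub buildPem {
    my ( $base ) = @_;
    my $pemFile = "$base.pem";
    my $oldUmask = umask 077;
    open my $out, '>', $pemFile or die "Can not write $pemFile: $!\n";
    umask $oldUmask;
    # an already existing pem keeps its old mode on truncate, so set it
    chmod 0600, $pemFile or die "Can not set mode on $pemFile: $!\n";
    for my $part ( "$base.crt", "$base.key" ) {
        open my $in, '<', $part or die "Can not read $part: $!\n";
        print {$out} <$in> or die "Can not write $pemFile: $!\n";
        close $in;
    }
    close $out or die "Can not finish writing $pemFile: $!\n";
    return $pemFile;
}

my $targetDir = '/etc/certificates/';
# Certificates are public (644); *.key and *.pem hold private keys and are
# restricted to root (600) instead of being made world-readable. Apache
# reads its key files as root at start-up; a service that reads them as a
# non-root user needs a group-based grant instead of a wider mode.
my $remoteCommand = 'chown root:root /etc/certificates/* && chmod 644 /etc/certificates/*.crt && chmod 600 /etc/certificates/*.key /etc/certificates/*.pem && service apache2 reload';
my $hostname = shift;
my $certname = shift;
die "Usage: $0 hostname [certname]\n" unless $hostname;
# The hostname is handed to ssh and scp as an argument; accept only plain
# host names, IPv4 addresses or user@host so it can not be parsed as an
# option or as a path.
die "Invalid hostname '$hostname'\n"
    unless $hostname =~ /\A[A-Za-z0-9_][A-Za-z0-9_.\@-]*\z/;
die "serverCertDir is not set in $config\n"
    unless defined $serverCertDir && length $serverCertDir;
# get list of all crt files (without the extension) into @temp
my @temp;
if ( $certname ) {
    die "Can not find $certname ending in .crt or .key\n"
        unless -f "$serverCertDir$certname.crt" && -f "$serverCertDir$certname.key";
    push @temp, "$serverCertDir$certname";
} else {
    $certname = $hostname;
    opendir my $dh, $serverCertDir
        or die "Can not find cert directory $serverCertDir: $!\n";
    # get all matching cert files; the name is quoted so that dots in the
    # hostname match literally, and the pattern is anchored so that only
    # names ending in .crt are taken
    @temp = map { $serverCertDir . $_ }
            grep { /\A\Q$certname\E.*\.crt\z/ } readdir( $dh );
    closedir $dh;
    s/\.crt\z// for @temp;
}
# without this check scp would be called with no files and the remote
# reload would still run
die "No certificates found for $certname in $serverCertDir\n" unless @temp;
# make pem, create a list of all files to copy
my @filesToCopy;
foreach my $file ( @temp ) {
    die "Can not find key file $file.key\n" unless -e "$file.key";
    my $pemFile = buildPem( $file );
    push @filesToCopy, "$file.crt", "$file.key", $pemFile;
}
# ensure target directory exists on $hostname
runCommand( 'ssh', $hostname, "mkdir -p $targetDir" );
# copy the files
runCommand( 'scp', @filesToCopy, "$hostname:$targetDir" );
# set permissions and reload services
runCommand( 'ssh', $hostname, $remoteCommand );
# only reached when every step above succeeded
print "$hostname updated and web server restarted\n";
1;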