Changes between Initial Version and Version 1 of support-team/update-ssl-certificate

Timestamp:

Apr 11, 2014, 7:35:54 PM (7 years ago)

Author:

Ross

Comment:

--

support-team/update-ssl-certificate

@@ +1 @@
+== Script for updating server ssls ==
+{{{
+#!/bin/bash
+
+# This script copies a PositiveSSL zip file to the specified server
+# and installs it.
+#
+# Usage ./update-ssl-certificate.sh SERVER_NAME /PATH/TO/CERTIFICATE.ZIP
+#
+# Example ./update-ssl-certificate.sh malcolm /home/ross/malcolm_mayfirst_org.zip
+
+if [[ $# -lt 2 ]] ; then
+    echo 'Please supply server name and path to zip file.'
+    exit 1
+fi
+
+echo "Creating /etc/ssl/temp directory..."
+ssh -t root@$1.mayfirst.org "mkdir -p /etc/ssl/temp && rm -rf /etc/ssl/temp/*"
+
+echo "Copying zip file $2"
+scp $2 root@$1.mayfirst.org:/etc/ssl/temp
+
+echo "Unzipping zip file..."
+ssh -t root@$1.mayfirst.org "cd /etc/ssl/temp/ && unzip $1_mayfirst_org.zip -d /etc/ssl/temp"
+
+echo "Building $1.mayfirst.org.crt.new..."
+ssh -t root@$1.mayfirst.org "cat /etc/ssl/temp/COMODORSAAddTrustCA.crt >> /etc/ssl/temp/$1_mayfirst_org.crt && cat /etc/ssl/temp/COMODORSADomainValidationSecureServerCA.crt >> /etc/ssl/temp/$1_mayfirst_org.crt && mv /etc/ssl/temp/$1_mayfirst_org.crt /etc/ssl/$1.mayfirst.org.crt.new"
+
+echo "Creating $1.mayfirst.org.pem.new"
+ssh -t root@$1.mayfirst.org  "cd /etc/ssl/private && umask 177; cat $1.mayfirst.org.safe.key >> $1.mayfirst.org.pem.new && cat ../$1.mayfirst.org.crt.new >> $1.mayfirst.org.pem.new; umask 133"
+
+# Use this line for brand new servers
+# ssh -t root@$1.mayfirst.org  "cd /etc/ssl/private && umask 177; cat $1.mayfirst.org.key.uncertified >> $1.mayfirst.org.pem.new && cat ../$1.mayfirst.org.crt.new >> $1.mayfirst.org.pem.new; umask 133"
+
+echo "Moving new files into place..."
+ssh -t root@$1.mayfirst.org "mv /etc/ssl/$1.mayfirst.org.crt{,.old} && mv /etc/ssl/$1.mayfirst.org.crt{.new,} && mv /etc/ssl/private/$1.mayfirst.org.pem{,.old} && mv /etc/ssl/private/$1.mayfirst.org.pem{.new,} && mv /etc/ssl/private/$1.mayfirst.org.key{,.old} && mv /etc/ssl/private/$1.mayfirst.org.safe.key /etc/ssl/private/$1.mayfirst.org.key && /usr/local/sbin/freepuppet-run"
+
+# Use this line for brand new servers
+# ssh -t root@$1.mayfirst.org "mv /etc/ssl/$1.mayfirst.org.crt{,.old} && mv /etc/ssl/$1.mayfirst.org.crt{.new,} && mv /etc/ssl/private/$1.mayfirst.org.pem{,.old} && mv /etc/ssl/private/$1.mayfirst.org.pem{.new,} && /usr/local/sbin/freepuppet-run"
+
+echo "Restarting services..."
+ssh -t root@$1.mayfirst.org "service apache2 restart && service courier-imap-ssl restart && service courier-pop-ssl restart && service postfix restart"
+
+echo "Verifying $1.mayfirst.org.pem file..."
+
+a=$(echo "LOGOUT" | gnutls-cli -V --port imaps $1.mayfirst.org | grep "Handshake was completed")
+echo "$a";
+if [ "$a" = "- Handshake was completed" ];
+then
+    echo "Cleaning up.."
+    echo "Removing /etc/ssl/temp directory and old files..."
+    ssh -t root@$1.mayfirst.org "rm -rf /etc/ssl/temp/ && rm -f /etc/ssl/*.old && rm -f /etc/ssl/private/*.old"
+    
+else
+
+    printf "**** Something has gone wrong, please check the server. ****\n\n"
+    printf "Try running \n\n"
+    printf "gnutls-cli -V --port imaps $1.mayfirst.org\n\n"
+    printf "for additional information.\n"
+fi
+}}}