Changes between Initial Version and Version 1 of support-team/update-ssl-certificate


Timestamp:
Apr 11, 2014, 7:35:54 PM (7 years ago)
Author:
Ross
Comment:

--

  • support-team/update-ssl-certificate

    v1 v1  
     1== Script for updating server ssls ==
     2{{{
     3#!/bin/bash
     4
     5# This script copies a PositiveSSL zip file to the specified server
     6# and installs it.
     7#
     8# Usage ./update-ssl-certificate.sh SERVER_NAME /PATH/TO/CERTIFICATE.ZIP
     9#
     10# Example ./update-ssl-certificate.sh malcolm /home/ross/malcolm_mayfirst_org.zip
     11
     12if [[ $# -lt 2 ]] ; then
     13    echo 'Please supply server name and path to zip file.'
     14    exit 1
     15fi
     16
     17echo "Creating /etc/ssl/temp directory..."
     18ssh -t root@$1.mayfirst.org "mkdir -p /etc/ssl/temp && rm -rf /etc/ssl/temp/*"
     19
     20echo "Copying zip file $2"
     21scp $2 root@$1.mayfirst.org:/etc/ssl/temp
     22
     23echo "Unzipping zip file..."
     24ssh -t root@$1.mayfirst.org "cd /etc/ssl/temp/ && unzip $1_mayfirst_org.zip -d /etc/ssl/temp"
     25
     26echo "Building $1.mayfirst.org.crt.new..."
     27ssh -t root@$1.mayfirst.org "cat /etc/ssl/temp/COMODORSAAddTrustCA.crt >> /etc/ssl/temp/$1_mayfirst_org.crt && cat /etc/ssl/temp/COMODORSADomainValidationSecureServerCA.crt >> /etc/ssl/temp/$1_mayfirst_org.crt && mv /etc/ssl/temp/$1_mayfirst_org.crt /etc/ssl/$1.mayfirst.org.crt.new"
     28
     29echo "Creating $1.mayfirst.org.pem.new"
     30ssh -t root@$1.mayfirst.org  "cd /etc/ssl/private && umask 177; cat $1.mayfirst.org.safe.key >> $1.mayfirst.org.pem.new && cat ../$1.mayfirst.org.crt.new >> $1.mayfirst.org.pem.new; umask 133"
     31
     32# Use this line for brand new servers
     33# ssh -t root@$1.mayfirst.org  "cd /etc/ssl/private && umask 177; cat $1.mayfirst.org.key.uncertified >> $1.mayfirst.org.pem.new && cat ../$1.mayfirst.org.crt.new >> $1.mayfirst.org.pem.new; umask 133"
     34
     35echo "Moving new files into place..."
     36ssh -t root@$1.mayfirst.org "mv /etc/ssl/$1.mayfirst.org.crt{,.old} && mv /etc/ssl/$1.mayfirst.org.crt{.new,} && mv /etc/ssl/private/$1.mayfirst.org.pem{,.old} && mv /etc/ssl/private/$1.mayfirst.org.pem{.new,} && mv /etc/ssl/private/$1.mayfirst.org.key{,.old} && mv /etc/ssl/private/$1.mayfirst.org.safe.key /etc/ssl/private/$1.mayfirst.org.key && /usr/local/sbin/freepuppet-run"
     37
     38# Use this line for brand new servers
     39# ssh -t root@$1.mayfirst.org "mv /etc/ssl/$1.mayfirst.org.crt{,.old} && mv /etc/ssl/$1.mayfirst.org.crt{.new,} && mv /etc/ssl/private/$1.mayfirst.org.pem{,.old} && mv /etc/ssl/private/$1.mayfirst.org.pem{.new,} && /usr/local/sbin/freepuppet-run"
     40
     41echo "Restarting services..."
     42ssh -t root@$1.mayfirst.org "service apache2 restart && service courier-imap-ssl restart && service courier-pop-ssl restart && service postfix restart"
     43
     44echo "Verifying $1.mayfirst.org.pem file..."
     45
     46a=$(echo "LOGOUT" | gnutls-cli -V --port imaps $1.mayfirst.org | grep "Handshake was completed")
     47echo "$a";
     48if [ "$a" = "- Handshake was completed" ];
     49then
     50    echo "Cleaning up.."
     51    echo "Removing /etc/ssl/temp directory and old files..."
     52    ssh -t root@$1.mayfirst.org "rm -rf /etc/ssl/temp/ && rm -f /etc/ssl/*.old && rm -f /etc/ssl/private/*.old"
     53   
     54else
     55
     56    printf "**** Something has gone wrong, please check the server. ****\n\n"
     57    printf "Try running \n\n"
     58    printf "gnutls-cli -V --port imaps $1.mayfirst.org\n\n"
     59    printf "for additional information.\n"
     60fi
     61}}}
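Review bot: None of the ssh/scp steps has its exit status checked, so a failure part-way (for example the unzip on script line 24, which assumes the archive is named `$1_mayfirst_org.zip` whatever `$2` was) still falls through to the renames on line 36 and the restarts on line 42, which can leave the host without a usable certificate. Appending `|| exit 1` to each remote step before the verification would stop the run at the first failure. `$1` is also pasted unquoted into command strings that run as root on the remote host, so it should be checked before first use, e.g. `[[ $1 =~ ^[a-z0-9-]+$ ]] || { echo 'Invalid server name.' >&2; exit 1; }`, with `"$2"` quoted in the scp call. The final check only confirms that an IMAPS handshake completes, not that the certificate being served is the new one, yet the `.old` certificate and key backups (and any other `*.old` file in those directories) are deleted on that basis; comparing the served certificate's fingerprint or expiry with the new file before the `rm` would make the cleanup safer.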