#!/bin/bash
# Execute this script followed by the email address to which the Let's Encrypt certificate's notifications will be sent

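# Require the notification e-mail address as the first argument.
# Without it the certificate request further down would be issued with an
# empty --email value, so stop here instead of only printing a message.
if [ -z "${1:-}" ]; then
        echo "Missing argument." >&2
        echo "Please run command followed by email address for LE notifications." >&2
        exit 1
fi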

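echo -e "\n### Checking requirements..."
# Query rpm for the exact package name. Listing every package and grepping
# for "git-" also matches unrelated packages whose name contains that string,
# which would skip the install while git itself is absent.
if ! rpm -q git >/dev/null 2>&1; then
        yum -y install git
fi
# Refresh the TLS libraries, CA bundle and download tools that the
# following steps rely on.
yum -y update nss nss-util nss-sysinit nss-tools wget curl ca-certificates openssl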

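echo -e "\n### Installing Let's Encrypt..."
# The existence check looks at /root/letsencrypt, while the clone and the
# later ./letsencrypt/letsencrypt-auto call are relative to the working
# directory. Work from /root so all three refer to the same checkout.
cd /root || exit 1
# NOTE(review): this clones the default branch with no tag or commit pinned,
# and the client inside it is then executed with this script's privileges
# (root, judging by the /root paths). Pin the checkout to a reviewed tag or
# commit before relying on it.
if [ ! -d "/root/letsencrypt/" ]; then
        git clone https://github.com/letsencrypt/letsencrypt /root/letsencrypt || {
                echo "git clone of the Let's Encrypt client failed." >&2
                exit 1
        }
fi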

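echo -e "\n### Certificate creation..."
# NOTE(review): stopping iptables drops the whole ruleset for the duration
# of the request, not only the rules that block the challenge. Opening just
# the port(s) the standalone authenticator listens on would keep the rest of
# the filtering in force.
service iptables stop
# The hostname and the e-mail argument are quoted so that whitespace or glob
# characters in either cannot turn into extra arguments to the client.
./letsencrypt/letsencrypt-auto certonly --standalone --agree-tos -d "$(hostname)" --rsa-key-size 4096 --email "$1"
le_status=$?
# Bring the firewall back whatever the client returned.
service iptables start
# Without a fresh certificate the keystore steps below would work on missing
# or stale files and then replace the live R1Soft keystore, so stop here.
if [ "$le_status" -ne 0 ]; then
        echo "Certificate request failed (exit status $le_status); keystore left untouched." >&2
        exit "$le_status"
fi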

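echo -e "\n### Adding certificate to R1Soft..."
# Stop if the live directory is missing; otherwise the openssl calls would
# run in whatever directory the script happened to be in.
cd "/etc/letsencrypt/live/$(hostname)/" || exit 1
# privkey.pem.der holds the private key with no passphrase (-nocrypt).
# Create it under a restrictive umask (the subshell keeps that change local)
# and tighten the mode in case an older copy already existed.
(umask 077 && openssl pkcs8 -topk8 -nocrypt -in privkey.pem -inform PEM -out privkey.pem.der -outform DER)
chmod 600 privkey.pem.der
# DER copy of the certificate for the ImportKey tool.
openssl x509 -in fullchain.pem -inform PEM -out fullchain.pem.der -outform DER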

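# Work inside the JRE bundled with R1Soft; abort rather than download and
# unpack into an unrelated directory.
cd /usr/sbin/r1soft/jre/bin || exit 1
chmod 755 java keytool
# importkey.zip comes from the tip of a branch and the class inside it is
# run with access to the unencrypted private key, so a changed or tampered
# archive would execute with this script's privileges. Fail closed if the
# download fails.
wget -N https://github.com/MegaS0ra/LetsEncryptForR1Soft/raw/master/importkey.zip || {
        echo "Download of importkey.zip failed." >&2
        exit 1
}
# Optional integrity check: export IMPORTKEY_SHA256 with the SHA-256 of a
# copy of the archive you have reviewed. The check is skipped, with a
# warning, when the variable is not set.
if [ -n "${IMPORTKEY_SHA256:-}" ]; then
        echo "${IMPORTKEY_SHA256}  importkey.zip" | sha256sum -c - || {
                echo "importkey.zip does not match IMPORTKEY_SHA256; refusing to run it." >&2
                exit 1
        }
else
        echo "WARNING: IMPORTKEY_SHA256 is not set; importkey.zip is used without an integrity check." >&2
fi
unzip -o importkey.zip

# Resolve the live directory once and quote it so an unusual hostname cannot
# split into extra arguments.
live_dir="/etc/letsencrypt/live/$(hostname)"
./java ImportKey "$live_dir/privkey.pem.der" "$live_dir/fullchain.pem.der"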

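# The lines piped into keytool answer its password prompts in order
# (presumably current password first, then the new one twice -- confirm
# against the keytool version in use).
# NOTE(review): "importkey" and "password" are fixed, publicly known
# passphrases, so the keystore's protection rests on file permissions alone.
echo -e "importkey\npassword\npassword" | ./keytool -storepasswd -keystore /root/keystore.ImportKey

echo -e "password\nimportkey\npassword\npassword" | ./keytool -keypasswd -alias importkey -keystore /root/keystore.ImportKey

/bin/cp /root/keystore.ImportKey /root/keystore ; rm -f /root/keystore.ImportKey
# This copy contains the private key; keep it readable by its owner only.
chmod 600 /root/keystore

# -noprompt replaces the former "oui" answer to keytool's trust question.
# That answer was only accepted under a French locale; elsewhere the
# intermediate certificate could be refused without the script noticing.
echo -e "password" | ./keytool -import -noprompt -alias intermed -file "/etc/letsencrypt/live/$(hostname)/chain.pem" -keystore /root/keystore -trustcacerts

# Keep the previous keystore so it can be restored by hand if needed.
/bin/cp /usr/sbin/r1soft/conf/keystore /usr/sbin/r1soft/conf/keystore.old
/bin/cp /root/keystore /usr/sbin/r1soft/conf/keystore
service cdp-server restart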

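# Stop if the conf directory is missing, so the alias changes below cannot
# act on a file named "keystore" in some other directory.
cd /usr/sbin/r1soft/conf/ || exit 1
# These two calls used a bare `keytool`, which fails on hosts with no JDK on
# PATH. Keep using the PATH one when present and fall back to the keytool in
# R1Soft's bundled JRE otherwise.
keytool_bin=$(command -v keytool) || keytool_bin=/usr/sbin/r1soft/jre/bin/keytool

# Drop the existing "cdp" entry, then rename the imported key pair to "cdp".
echo -e "password" | "$keytool_bin" -delete -keystore keystore -alias cdp

echo -e "password" | "$keytool_bin" -changealias -keystore keystore -alias importkey -destalias cdp

# Restart so the server loads the keystore with the renamed entry.
service cdp-server restart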