Commit c39b6e1f authored by Benoît's avatar Benoît

Delete SSLR1Soft-old.sh

parent b0c48124
#!/bin/bash
# Execute this script followed by the email address to which the Let's Encrypt certificate's notifications will be sent
echo -e "########################################################################"
echo -e "########## Let's Encrypt certificate creation/renewal process ##########"
echo -e "########################################################################"
if [ -z "$1" ]; then
echo "Missing argument."
echo "Please run command followed by email address for LE notifications."
exit
fi
echo -e "\\n### Checking requirements..."
rpm -qa | grep "git-"
if test $? -eq 1; then
yum -y install git
fi
yum -y update nss nss-util nss-sysinit nss-tools wget curl ca-certificates openssl
echo -e "\\n### Installing Let's Encrypt..."
if [ ! -d "/opt/letsencrypt/" ]; then
cd /opt/ || exit
git clone https://github.com/letsencrypt/letsencrypt
fi
echo -e "\\n### Certificate creation..."
service iptables stop
if [ ! -f "/etc/letsencrypt/live/$(hostname)/fullchain.pem" ]; then
/opt/letsencrypt/letsencrypt-auto certonly --standalone --agree-tos --no-eff-email --manual-public-ip-logging-ok -d "$(hostname)" --rsa-key-size 4096 --email "$1"
else
/opt/letsencrypt/letsencrypt-auto renew
fi
service iptables start
if grep -q "Cert not yet due for renewal" /var/log/letsencrypt/letsencrypt.log; then
echo "The certificate is not yet due for renewal. The certificate won't be renewed."
echo "The script will continue and check if the last certificate was imported into R1Soft keystore."
fi
echo -e "########################################################################"
echo -e "############## R1soft keystore certificate import process ##############"
echo -e "########################################################################"
echo -e "\\n### Adding certificate to R1Soft..."
cd /etc/letsencrypt/live/"$(hostname)"/ || exit
openssl pkcs8 -topk8 -nocrypt -in privkey.pem -inform PEM -out privkey.pem.der -outform DER
openssl x509 -in fullchain.pem -inform PEM -out fullchain.pem.der -outform DER
if [ ! -f "/usr/sbin/r1soft/jre/bin/ImportKey.class" ]; then
cd /usr/sbin/r1soft/jre/bin || exit
chmod 755 java keytool
wget -N https://gitlab.haisoft.net/pub/R1Soft_LetsEncryptIntegration/raw/master/importkey.zip
unzip -o importkey.zip
fi
export LANG=en_US.UTF-8
export _JAVA_OPTIONS=-Duser.home=/usr/sbin/r1soft/conf
cd /usr/sbin/r1soft/conf/ || exit
/usr/sbin/r1soft/jre/bin/java -classpath /usr/sbin/r1soft/jre/bin/ ImportKey /etc/letsencrypt/live/"$(hostname)"/privkey.pem.der /etc/letsencrypt/live/"$(hostname)"/fullchain.pem.der
echo -e "importkey\npassword\npassword" | /usr/sbin/r1soft/jre/bin/keytool -storepasswd -keystore /usr/sbin/r1soft/conf/keystore.ImportKey
echo -e "password\nimportkey\npassword\npassword" | /usr/sbin/r1soft/jre/bin/keytool -keypasswd -alias importkey -keystore /usr/sbin/r1soft/conf/keystore.ImportKey
/bin/mv /usr/sbin/r1soft/conf/keystore.ImportKey /usr/sbin/r1soft/conf/keystore
echo -e "password\nyes" | /usr/sbin/r1soft/jre/bin/keytool -import -alias intermed -file /etc/letsencrypt/live/"$(hostname)"/chain.pem -keystore /usr/sbin/r1soft/conf/keystore -trustcacerts
service cdp-server restart
cd /usr/sbin/r1soft/conf/ || exit
echo -e "password" | keytool -delete -keystore keystore -alias cdp
echo -e "password" | keytool -changealias -keystore keystore -alias importkey -destalias cdp
service cdp-server restart