/[pdpsoft]/nl.nikhef.pdp.tcs/nl.nikhef.pdp.tcs.tcsg4-tools/trunk/tcsg4-install-servercert.sh
ViewVC logotype

Diff of /nl.nikhef.pdp.tcs/nl.nikhef.pdp.tcs.tcsg4-tools/trunk/tcsg4-install-servercert.sh

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 3329 by davidg, Fri Jul 10 14:53:30 2020 UTC revision 3330 by davidg, Mon Jul 5 08:35:52 2021 UTC
# Line 190  for i in "$tempdir"/cert-*-"$credbase".p Line 190  for i in "$tempdir"/cert-*-"$credbase".p
190  do  do
191    certcn=`openssl x509 -noout -subject -nameopt oneline,sep_comma_plus \    certcn=`openssl x509 -noout -subject -nameopt oneline,sep_comma_plus \
192      -in "$i" | \      -in "$i" | \
193      sed -e 's/.*CN = \([a-zA-Z0-9\._][- a-zA-Z0-9:\._@]*\).*/\1/'`      sed -e 's/.*CN = \([a-zA-Z0-9\._\*][- a-zA-Z0-9:\*\._@]*\).*/\1/'`
194    issuercn=`openssl x509 -noout -issuer -nameopt oneline,sep_comma_plus \    issuercn=`openssl x509 -noout -issuer -nameopt oneline,sep_comma_plus \
195      -in "$i" | \      -in "$i" | \
196      sed -e 's/.*CN = \([a-zA-Z0-9\._][- a-zA-Z0-9:\._@]*\).*/\1/'`      sed -e 's/.*CN = \([a-zA-Z0-9\._][- a-zA-Z0-9:\._@]*\).*/\1/'`
# Line 215  do Line 215  do
215    esac    esac
216    
217    if [ $certisca -eq 0 ]; then    if [ $certisca -eq 0 ]; then
218      certfn=`echo "$certcn" | sed -e 's/[^-a-zA-Z0-9_\.]/_/g'`      certfn=`echo "$certcn" | sed -e 's/\*/WILDCARD/g;s/[^-a-zA-Z0-9_\.]/_/g'`
219      certfndated=`echo "$certcn issued $certdate" | \      certfndated=`echo "$certcn issued $certdate" | \
220                   sed -e 's/[^-a-zA-Z0-9_]/_/g'`                   sed -e 's/[^-a-zA-Z0-9_]/_/g'`
221      echo "Processing EEC certificate: $certcn"      echo "Processing EEC certificate: $certcn"
# Line 286  cat "$destdir/cert-$certfn.pem" "$destdi Line 286  cat "$destdir/cert-$certfn.pem" "$destdi
286      > "$destdir/nginx-$certfn.pem"      > "$destdir/nginx-$certfn.pem"
287    
288  # ############################################################################  # ############################################################################
289    # create a PKCS#12 (p12/pfx) bundle for ISS/MS and appliances
290    #
291    openssl pkcs12 -export -nodes \
292        -inkey key-$certfn.pem -in cert-$certfn.pem \
293        -name "SSL $profile certificate $certfn" \
294        -certfile chain-$certfn.pem \
295        -passout pass: \
296        -out bundle-$certfn.p12
297    chmod 0600 bundle-$certfn.p12
298    
299    # ############################################################################
300  # make per-profile copies in case of key re-use for same host new profile  # make per-profile copies in case of key re-use for same host new profile
301  #  #
302  if [ "$profile" != "" ]; then  if [ "$profile" != "" ]; then

Legend:
Removed from v.3329  
changed lines
  Added in v.3330

grid.support@nikhef.nl
ViewVC Help
Powered by ViewVC 1.1.28