You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
44 lines
1.7 KiB
Bash
44 lines
1.7 KiB
Bash
#!/bin/sh
|
|
|
|
KEYSTORE_DOMAIN="${KEYSTORE_DOMAIN:-darklimericks.com}"
|
|
KEYSTORE_PASS="${KEYSTORE_PASS:-hunter22}"
|
|
|
|
# Create keystore
|
|
echo "Refreshing '~/ssl/$KEYSTORE_DOMAIN.keystore'"
|
|
openssl pkcs12 -export \
|
|
-in /etc/letsencrypt/live/$KEYSTORE_DOMAIN/cert.pem \
|
|
-inkey /etc/letsencrypt/live/$KEYSTORE_DOMAIN/privkey.pem \
|
|
-out /tmp/$KEYSTORE_DOMAIN.p12 \
|
|
-name $KEYSTORE_DOMAIN \
|
|
-CAfile /etc/letsencrypt/live/$KEYSTORE_DOMAIN/fullchain.pem \
|
|
-caname "Let's Encrypt Authority X3" \
|
|
-password pass:$KEYSTORE_PASS
|
|
keytool -importkeystore \
|
|
-deststorepass $KEYSTORE_PASS \
|
|
-destkeypass $KEYSTORE_PASS \
|
|
-deststoretype pkcs12 \
|
|
-srckeystore /tmp/$KEYSTORE_DOMAIN.p12 \
|
|
-srcstoretype PKCS12 \
|
|
-srcstorepass $KEYSTORE_PASS \
|
|
-destkeystore /tmp/$KEYSTORE_DOMAIN.keystore \
|
|
-alias $KEYSTORE_DOMAIN
|
|
# Move certificates to other servers
|
|
echo "Copy '~/ssl/$KEYSTORE_DOMAIN.keystore' to cluster servers"
|
|
cp /tmp/$KEYSTORE_DOMAIN.keystore /root/ssl/$KEYSTORE_DOMAIN.keystore
|
|
|
|
# Create truststore
|
|
echo "Refreshing '~/ssl/theirdomain.be.keystore'"
|
|
rm theirdomain.be.keystore
|
|
openssl s_client -connect theirdomain.be:443 -showcerts </dev/null 2>/dev/null|openssl x509 -outform DER >theirdomain.der
|
|
openssl x509 -inform der -in theirdomain.der -out theirdomain.pem
|
|
keytool -import \
|
|
-alias theirdomain \
|
|
-keystore theirdomain.be.keystore \
|
|
-file ./theirdomain.pem \
|
|
-storepass theirdomain \
|
|
-noprompt
|
|
echo "Copy '~/ssl/theirdomain.be.keystore' to cluster servers"
|
|
cp theirdomain.be.keystore /home/admin_jworks/ssl/
|
|
sudo scp ssl/theirdomain.be.keystore cc-backend-node-02:/home/admin_jworks/ssl/
|
|
sudo scp ssl/theirdomain.be.keystore cc-frontend-node-01:/home/admin_jworks/ssl/
|