xCAT/xcat-core
2
0
Fork 0
mirror of https://github.com/xcat2/xcat-core.git synced 2025-10-30 19:02:27 +00:00
Code Issues Releases Wiki Activity
Files
e56c35c3cd7e0b1eb07bc4eec46a484b5e553a1c
xcat-core/xCAT-server/share/xcat/scripts/setup-server-cert.sh

48 lines
1.5 KiB
Bash
Executable File
Raw Blame History

# IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
#XCATDIR=`gettab key=xcatconfdir site.value`
if [ -z "$XCATDIR" ]; then
XCATDIR=/etc/xcat
fi
if [ -z "$1" ]; then
echo "Usage: $0 servername"
fi
umask 0077
CNA=$*
XCATCADIR=$XCATDIR/ca
if [ -e $XCATDIR/cert ]; then
echo -n "$XCATDIR/cert already exists, delete and start over (y/n)?"
read ANSWER
if [ "$ANSWER" != "y" ]; then
echo "Aborting at user request"
exit 0
fi
rm -rf $XCATDIR/cert
fi
mkdir -p $XCATDIR/cert
cd $XCATDIR/cert
sed -i "s/#XCATCASAN#/DNS.1 = `hostname --long`\nDNS.2 = `hostname --short`/g" $XCATCADIR/openssl.cnf
openssl genrsa -out server-key.pem 2048
openssl req -config $XCATCADIR/openssl.cnf -new -key server-key.pem -out server-req.pem -extensions server -subj "/CN=$CNA"
cp server-req.pem $XCATDIR/ca/`hostname`.csr
cd -
cd $XCATDIR/ca
# - "make sign" doesn't seem to work on my AIX system???
# - seems to be a problem with the use of the wildcard in the Makefile
# - call cmds directly instead - seems safe
# make sign
openssl ca -startdate 600101010101Z -config openssl.cnf -in `hostname`.csr -out `hostname`.cert -extensions server -extensions san_env
if [ -f `hostname`.cert ]; then
rm `hostname`.csr
fi
cp `hostname`.cert $XCATDIR/cert/server-cert.pem
#Put key and cert in a single file for the likes of conserver
cat $XCATDIR/cert/server-cert.pem $XCATDIR/cert/server-key.pem > $XCATDIR/cert/server-cred.pem
cp ca-cert.pem $XCATDIR/cert/ca.pem
cd -
Reference in New Issue View Git Blame Copy Permalink