File: //scripts/generate_hostname_ssl
#!/bin/bash
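# Work out the name the certificate is issued for: the FQDN when the
# resolver can give us one, otherwise the short hostname.
cnf_hostname=$(/bin/hostname -f)
# Check for hostname -f command issue
hostnameissuecheck=$?
if [ "$hostnameissuecheck" -ne 0 ]; then
	cnf_hostname=$(/bin/hostname)
fi
# Cert: keep the previous one under a timestamped name instead of overwriting it
if [ -e "/root/$cnf_hostname.crt" ]; then
	mv -- "/root/$cnf_hostname.crt" "/root/$cnf_hostname.crt.$(date +%F-%H:%M:%S)"
fi
# Key
if [ -e "/root/$cnf_hostname.key" ]; then
	mv -- "/root/$cnf_hostname.key" "/root/$cnf_hostname.key.$(date +%F-%H:%M:%S)"
fi
# SSL Self signed certificate
# Everything below writes key material relative to the working directory,
# so a failed cd must stop the run rather than scatter keys wherever we are.
cd /root || { echo "Cannot change directory to /root" >&2; exit 12; }
DOMAIN="$cnf_hostname"
if [ -z "$DOMAIN" ]; then
	# The script takes no arguments; the name comes from hostname(1) above.
	echo "$(basename -- "$0"): unable to determine the server hostname, no certificate issued" >&2
	exit 11
fi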
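#######################################
# Stop the run when the preceding openssl/cp step failed.
# Arguments: $1 - exit status of the command just run; an empty or missing
#                 value counts as success instead of producing a "[: unary
#                 operator expected" error at the call site
# Globals:   PASSPHRASE (unset before exiting so the throw-away key
#                 passphrase does not linger in the environment)
# Returns:   0 when $1 is 0; otherwise the script exits with status 10
#######################################
fail_if_error() {
	if [ "${1:-0}" != 0 ]; then
		unset PASSPHRASE
		exit 10
	fi
	# Explicit success: the original `[ ... ] && { ... }` form returned 1
	# on the success path, which trips `set -e`/`&&` chains in callers.
	return 0
}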
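# Generate a passphrase
# Throw-away passphrase for the intermediate encrypted key. It is handed to
# openssl through the environment (env:PASSPHRASE), never on the command
# line where `ps` could show it. tr keeps only ~62/256 of the random bytes,
# so read more than 128 bytes to actually reach the 128-character target.
PASSPHRASE=$(head -c 1024 /dev/urandom | tr -dc a-z0-9A-Z | head -c 128; echo)
export PASSPHRASE
# Certificate subject; the CN is the hostname determined above. Each line
# becomes one /name=value component of the -subj string.
subj="
C=HR
ST=Zagreb
O=CentOS Web Panel
localityName=HR
commonName=$DOMAIN
organizationalUnitName=CentOS Web Panel
emailAddress=info@centos-webpanel.com
"
# Generate the server private key
openssl genrsa -des3 -out "$DOMAIN.key" -passout env:PASSPHRASE 2048
fail_if_error $?
# The key is rewritten unencrypted further down; make it root-only now so
# the mode does not depend on the umask or on what this openssl build does.
chmod 600 "$DOMAIN.key"
fail_if_error $?
# Generate the CSR
openssl req \
	-new \
	-batch \
	-subj "$(printf '%s' "$subj" | tr '\n' '/')" \
	-key "$DOMAIN.key" \
	-out "$DOMAIN.csr" \
	-passin env:PASSPHRASE
fail_if_error $?
cp "$DOMAIN.key" "$DOMAIN.key.org"
fail_if_error $?
# Strip the password so we don't have to type it every time we restart Apache
openssl rsa -in "$DOMAIN.key.org" -out "$DOMAIN.key" -passin env:PASSPHRASE
fail_if_error $?
# Nothing below needs the passphrase; drop it so later commands (including
# the service restarts) do not inherit it.
unset PASSPHRASE
# Generate the cert (good for 10 years). Sign with SHA-256 and put the
# hostname in subjectAltName as well as the CN: clients that ignore the CN
# can only match the name through the SAN.
openssl x509 -req -days 3650 -sha256 \
	-in "$DOMAIN.csr" \
	-signkey "$DOMAIN.key" \
	-extfile <(printf 'subjectAltName=DNS:%s\n' "$DOMAIN") \
	-out "$DOMAIN.crt"
fail_if_error $?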
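# Prepare Clean
# Move the generic hostname.* files the services read out of the way,
# keeping a timestamped copy of each.
for old in \
	/etc/pki/tls/private/hostname.key \
	/etc/pki/tls/certs/hostname.crt \
	/etc/pki/tls/certs/hostname.cert \
	/etc/pki/tls/certs/hostname.bundle; do
	if [ -e "$old" ]; then
		mv -- "$old" "$old.$(date +%F-%H:%M:%S)"
	fi
done
# Remove per-hostname and per-service copies left by earlier layouts; the
# hostname.* files installed below replace all of them.
for stale in \
	"/etc/pki/tls/private/$cnf_hostname.key" \
	"/etc/pki/tls/certs/$cnf_hostname.crt" \
	"/etc/pki/tls/certs/$cnf_hostname.cert" \
	/etc/pki/tls/certs/server-cwp.crt \
	/etc/pki/tls/certs/server-dovecot.crt \
	/etc/pki/tls/certs/server-http.crt \
	/etc/pki/tls/certs/server-postfix.crt \
	/etc/pki/tls/private/server-cwp.key \
	/etc/pki/tls/private/server-dovecot.key \
	/etc/pki/tls/private/server-http.key \
	/etc/pki/tls/private/server-postfix.key; do
	if [ -e "$stale" ]; then
		unlink "$stale"
	fi
done
# Save new
# A failed move would leave every service pointing at a missing file, so
# treat it like a failed openssl step.
mv -- "/root/$cnf_hostname.key" /etc/pki/tls/private/hostname.key
fail_if_error $?
mv -- "/root/$cnf_hostname.crt" /etc/pki/tls/certs/hostname.crt
fail_if_error $?
# The private key must stay root-only whatever mode it was created with.
chmod 600 /etc/pki/tls/private/hostname.key
# The self-signed cert doubles as the "bundle"/chain file for all services.
cp /etc/pki/tls/certs/hostname.crt /etc/pki/tls/certs/hostname.bundle
fail_if_error $?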
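# Postfix
# Point Postfix at the new bundle/key and drop any CA-file setting, which a
# self-signed certificate does not use. Guarded like the other services so
# a host without Postfix does not get sed errors.
if [[ -f /etc/postfix/main.cf ]]; then
    sed -i 's#smtpd_tls_cert_file.*$#smtpd_tls_cert_file = /etc/pki/tls/certs/hostname.bundle#g' /etc/postfix/main.cf
    sed -i 's#smtpd_tls_key_file.*$#smtpd_tls_key_file = /etc/pki/tls/private/hostname.key#g' /etc/postfix/main.cf
    sed -i '/smtp_tls_CAfile.*$/d' /etc/postfix/main.cf
    sed -i '/smtpd_tls_CAfile.*$/d' /etc/postfix/main.cf
fi
# Postfix end
# Dovecot
if [[ -f /etc/dovecot/dovecot.conf ]]; then
    # Match the setting name followed by '=' only: a bare "ssl_cert"/"ssl_key"
    # prefix would also rewrite ssl_cert_username_field / ssl_key_password.
    sed -i 's#ssl_cert[[:space:]]*=.*$#ssl_cert = </etc/pki/tls/certs/hostname.bundle#g' /etc/dovecot/dovecot.conf
    sed -i 's#ssl_key[[:space:]]*=.*$#ssl_key = </etc/pki/tls/private/hostname.key#g' /etc/dovecot/dovecot.conf
    sed -i '/ssl_ca.*$/d' /etc/dovecot/dovecot.conf
fi
# Dovecot end
# Apache
if [[ -f /usr/local/apache/conf.d/hostname-ssl.conf ]]; then
    sed -i 's#SSLCertificateFile.*$#SSLCertificateFile /etc/pki/tls/certs/hostname.bundle#g' /usr/local/apache/conf.d/hostname-ssl.conf
    sed -i 's#SSLCertificateKeyFile.*$#SSLCertificateKeyFile /etc/pki/tls/private/hostname.key#g' /usr/local/apache/conf.d/hostname-ssl.conf
    sed -i '/SSLCertificateChainFile.*$/d' /usr/local/apache/conf.d/hostname-ssl.conf
fi
# Apache end
# nginx and CWP
# nginx itself and the cwpsrv instances share the same directive syntax, so
# one loop covers all of them. The trailing space in "ssl_certificate " keeps
# the first pattern from also matching ssl_certificate_key.
for conf in \
    /etc/nginx/conf.d/hostname-ssl.conf \
    /usr/local/cwpsrv/conf/cwpsrv.conf \
    /usr/local/cwpsrv/conf.d/user-api.conf \
    /usr/local/cwpsrv/conf.d/users.conf \
    /usr/local/cwpsrv/conf.d/webmail.conf; do
    if [[ -f "$conf" ]]; then
        sed -i 's#ssl_certificate .*$#ssl_certificate /etc/pki/tls/certs/hostname.bundle;#g' "$conf"
        sed -i 's#ssl_certificate_key.*$#ssl_certificate_key /etc/pki/tls/private/hostname.key;#g' "$conf"
    fi
done
# nginx and CWP end
# pure-ftpd
if [[ -f /etc/pure-ftpd/pure-ftpd.conf ]]; then
    # pure-ftpd wants key and certificate in a single PEM. Recreate it under a
    # restrictive umask so the key is never readable by others, not even
    # between the write and the chmod.
    rm -f -- /etc/pki/tls/private/hostname.pem
    ( umask 077 && cat /etc/pki/tls/private/hostname.key /etc/pki/tls/certs/hostname.bundle > /etc/pki/tls/private/hostname.pem )
    chmod 600 /etc/pki/tls/private/hostname.pem
    sed -i "/^CertFile/d" /etc/pure-ftpd/pure-ftpd.conf
    sed -i "/^CertFileAndKey/d" /etc/pure-ftpd/pure-ftpd.conf
    sed -i "/^TLS.*/d" /etc/pure-ftpd/pure-ftpd.conf
    # "TLS 1" accepts both plain and TLS sessions; the cipher list keeps
    # MEDIUM and TLSv1 ciphers for older clients. Tighten both if only
    # current FTP clients need to connect.
    printf '%s\n' \
        'TLS 1' \
        'TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3' \
        'CertFile /etc/pki/tls/private/hostname.pem' >> /etc/pure-ftpd/pure-ftpd.conf
fi
# pure-ftpd end
# Restart everything that may have been reconfigured; a service that is not
# installed just makes `service` complain and the loop carries on.
for i in postfix dovecot cwpsrv httpd nginx pure-ftpd; do
    service "$i" restart
done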