
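#
#  Set up OpenSSL certificates for the tog-pegasus cimserver
#
#  Creates a default ssl.cnf file.
#  Generates a self-signed certificate for use by the cimserver.
#
#  Expects PEGASUS_CONFIG_DIR and PEGASUS_INSTALL_LOG to be set by the
#  surrounding script. Sets cnfChanged=1 when a new ssl.cnf was written, so
#  that the certificate step that follows regenerates the key pair.
#

# Fail closed: with an empty PEGASUS_CONFIG_DIR every path below would
# resolve to the filesystem root (e.g. /ssl.cnf).
: "${PEGASUS_CONFIG_DIR:?PEGASUS_CONFIG_DIR must be set}"
: "${PEGASUS_INSTALL_LOG:?PEGASUS_INSTALL_LOG must be set}"

cnfChanged=0
if [ ! -e "$PEGASUS_CONFIG_DIR/ssl.cnf" ]; then
    mkdir -p "${PEGASUS_INSTALL_LOG%/*}"
    mkdir -p "$PEGASUS_CONFIG_DIR"

    # Work out the name to use as the certificate's Common Name.
    DN=$(hostname)
    if [ -z "$DN" ] || [ "$DN" = "(none)" ]; then
        DN='localhost.localdomain'
    fi
    # cannot use 'hostname --fqdn' because this can hang indefinitely;
    # 'host -W1' bounds the DNS lookup to one second instead. If the lookup
    # fails, the echo fallback feeds "$DN has address " through the same
    # pipeline so that FQDN ends up equal to DN.
    FQDN=$({ host -W1 "$DN" 2>/dev/null || echo "$DN has address "; } |
        grep 'has address' | head -1 | sed 's/\ .*$//')
    if [ -z "$FQDN" ]; then
        FQDN="$DN"
    fi

    # NOTE(review): FQDN is taken from hostname/DNS output and written
    # unescaped into the OpenSSL config; the CN of the generated certificate
    # is only as trustworthy as that lookup.
    {
        echo "[ req ]"
        echo "distinguished_name     = req_distinguished_name"
        echo "prompt                 = no"
        echo "[ req_distinguished_name ]"
        echo "C                      = UK"
        echo "ST                     = Berkshire"
        echo "L                      = Reading"
        echo "O                      = The Open Group"
        echo "OU                     = The OpenPegasus Project"
        printf '%s\n' "CN                     = $FQDN"
    } > "$PEGASUS_CONFIG_DIR/ssl.cnf"

    # Read-only for root, so the request template cannot be altered by
    # unprivileged users before the next certificate generation.
    chmod 400 "$PEGASUS_CONFIG_DIR/ssl.cnf"
    chown root "$PEGASUS_CONFIG_DIR/ssl.cnf"
    chgrp root "$PEGASUS_CONFIG_DIR/ssl.cnf"
    cnfChanged=1
fi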
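# Generate the self-signed server certificate and private key when ssl.cnf
# was just (re)created (cnfChanged=1) or when either installed file is
# missing.
#
# Security notes:
#   * -nodes leaves the private key unencrypted on disk; its confidentiality
#     rests entirely on file ownership and the 400 mode set below.
#   * The certificate is self-signed and valid for 3650 days. No digest is
#     named, so the signature hash is whatever the installed OpenSSL defaults
#     to; NOTE(review): consider pinning it explicitly (e.g. -sha256) if all
#     supported OpenSSL versions accept it.

# Fail closed: with an empty directory variable the rm/cp/chmod calls below
# would operate on paths directly under the filesystem root.
: "${PEGASUS_PEM_DIR:?PEGASUS_PEM_DIR must be set}"
: "${PEGASUS_CONFIG_DIR:?PEGASUS_CONFIG_DIR must be set}"
: "${PEGASUS_SSL_CERT_FILE:?PEGASUS_SSL_CERT_FILE must be set}"
: "${PEGASUS_SSL_KEY_FILE:?PEGASUS_SSL_KEY_FILE must be set}"
: "${PEGASUS_INSTALL_LOG:?PEGASUS_INSTALL_LOG must be set}"

if [ "${cnfChanged:-0}" -eq 1 ] || \
   [ ! -e "$PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE" ] || \
   [ ! -e "$PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE" ]; then
    # Run openssl under umask 077 in a subshell so key.pem is created
    # owner-only from the start. Relying on a later chmod leaves a window in
    # which the key has the default umask's permissions, and the former
    # 'chmod 700 *.pem' also changed the mode of every other .pem file in
    # the directory.
    if ( umask 077 && /usr/bin/openssl req -x509 -days 3650 -newkey rsa:2048 \
             -nodes -config "$PEGASUS_CONFIG_DIR/ssl.cnf" \
             -keyout "$PEGASUS_PEM_DIR/key.pem" \
             -out "$PEGASUS_PEM_DIR/cert.pem" ) 2>>"$PEGASUS_INSTALL_LOG"; then
        # Install the key first and lock it down before publishing the cert.
        cp -fp "$PEGASUS_PEM_DIR/key.pem" \
            "$PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE"
        chmod 400 "$PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE"
        cp -fp "$PEGASUS_PEM_DIR/cert.pem" \
            "$PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE"
        chmod 444 "$PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE"
    else
        # Do not install partial output; leave any existing files untouched.
        echo "openssl certificate generation failed; certificate not installed" \
            >>"$PEGASUS_INSTALL_LOG"
    fi
    # Always remove the intermediate files so no stray copy of the private
    # key is left behind.
    rm -f "$PEGASUS_PEM_DIR/key.pem" "$PEGASUS_PEM_DIR/cert.pem"
fi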
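# Seed the truststore with the server's own certificate if none exists yet.
# An existing truststore is never overwritten.
#
# NOTE(review): presumably this truststore is what the cimserver uses to
# validate peer certificates; seeding it with the server's self-signed
# certificate means that certificate itself is trusted -- confirm this is the
# intended default.

# Fail closed on unset variables so the copy cannot target a path under /.
: "${PEGASUS_PEM_DIR:?PEGASUS_PEM_DIR must be set}"
: "${PEGASUS_SSL_CERT_FILE:?PEGASUS_SSL_CERT_FILE must be set}"
: "${PEGASUS_SSL_TRUSTSTORE:?PEGASUS_SSL_TRUSTSTORE must be set}"

if [ ! -e "$PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE" ]; then
    # Only adjust the mode when the copy succeeded; otherwise chmod would
    # just add a second error for a file that was never created.
    if cp -fp "$PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE" \
            "$PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE"; then
        chmod 444 "$PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE"
    fi
fi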
