1 martin 1.4 #//%LICENSE////////////////////////////////////////////////////////////////
2 martin 1.5 #//
3 martin 1.4 #// Licensed to The Open Group (TOG) under one or more contributor license
4 #// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with
5 #// this work for additional information regarding copyright ownership.
6 #// Each contributor licenses this file to you under the OpenPegasus Open
7 #// Source License; you may not use this file except in compliance with the
8 #// License.
9 martin 1.5 #//
10 martin 1.4 #// Permission is hereby granted, free of charge, to any person obtaining a
11 #// copy of this software and associated documentation files (the "Software"),
12 #// to deal in the Software without restriction, including without limitation
13 #// the rights to use, copy, modify, merge, publish, distribute, sublicense,
14 #// and/or sell copies of the Software, and to permit persons to whom the
15 #// Software is furnished to do so, subject to the following conditions:
16 martin 1.5 #//
17 martin 1.4 #// The above copyright notice and this permission notice shall be included
18 #// in all copies or substantial portions of the Software.
19 martin 1.5 #//
20 martin 1.4 #// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
21 martin 1.5 #// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 martin 1.4 #// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
23 #// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
24 #// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
25 #// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
26 #// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
27 martin 1.5 #//
28 martin 1.4 #//////////////////////////////////////////////////////////////////////////
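#
# Set up OpenSSL certificates for the tog-pegasus cimserver
#
# Creates a default ssl.cnf file.
# Generates a self-signed certificate for use by the cimserver.
#
# Reads these variables from the environment:
#   PEGASUS_CONFIG_DIR      directory that receives ssl.cnf
#   PEGASUS_PEM_DIR         directory that receives key, cert and truststore
#   PEGASUS_INSTALL_LOG     file that collects openssl's stderr
#   PEGASUS_SSL_CERT_FILE   certificate file name inside PEGASUS_PEM_DIR
#   PEGASUS_SSL_KEY_FILE    private key file name inside PEGASUS_PEM_DIR
#   PEGASUS_SSL_TRUSTSTORE  truststore file name inside PEGASUS_PEM_DIR
#
# Security notes:
#   - The private key is written unencrypted (-nodes); its only protection is
#     the file mode (0400) and the permissions of PEGASUS_PEM_DIR.
#   - The certificate is self-signed and valid for 3650 days; it gives clients
#     no chain of trust until it is replaced or pinned.
#   - No digest is passed to "openssl req", so the signature digest is the
#     installed OpenSSL's default. Pass -sha256 explicitly if the target
#     OpenSSL defaults to a weaker one.
#

# Fail early if a path variable is unset or empty. Otherwise the commands
# below would act on "/ssl.cnf", "/key.pem" and similar paths in the root
# directory.
: "${PEGASUS_CONFIG_DIR:?PEGASUS_CONFIG_DIR must be set}"
: "${PEGASUS_PEM_DIR:?PEGASUS_PEM_DIR must be set}"
: "${PEGASUS_INSTALL_LOG:?PEGASUS_INSTALL_LOG must be set}"
: "${PEGASUS_SSL_CERT_FILE:?PEGASUS_SSL_CERT_FILE must be set}"
: "${PEGASUS_SSL_KEY_FILE:?PEGASUS_SSL_KEY_FILE must be set}"
: "${PEGASUS_SSL_TRUSTSTORE:?PEGASUS_SSL_TRUSTSTORE must be set}"

# The log is appended to whenever a key is generated, so make sure its
# directory exists even when ssl.cnf is already present.
case "$PEGASUS_INSTALL_LOG" in
  */*) mkdir -p "${PEGASUS_INSTALL_LOG%/*}" ;;
esac

cnfChanged=0
if [ ! -e "$PEGASUS_CONFIG_DIR/ssl.cnf" ]; then
  mkdir -p "$PEGASUS_CONFIG_DIR"

  DN=$(hostname)
  if [ -z "$DN" ] || [ "$DN" = "(none)" ]; then
    DN='localhost.localdomain'
  fi
  # cannot use 'hostname --fqdn' because this can hang indefinitely
  # The certificate CN is the first name "host" reports for this host, so it
  # depends on the resolver configuration at install time. The fallback echo
  # makes the pipeline yield $DN when the lookup fails.
  FQDN=$({ host -W1 "$DN" 2>/dev/null || echo "$DN has address "; } |
    grep 'has address' | head -n 1 | sed 's/ .*$//')
  if [ -z "$FQDN" ]; then
    FQDN="$DN"
  fi

  # Create the file with a restrictive umask so it is never group- or
  # world-accessible, not even before the chmod below.
  (
    umask 077
    {
      echo "[ req ]"
      echo "distinguished_name = req_distinguished_name"
      echo "prompt = no"
      echo "[ req_distinguished_name ]"
      echo "C = UK"
      echo "ST = Berkshire"
      echo "L = Reading"
      echo "O = The Open Group"
      echo "OU = The OpenPegasus Project"
      printf '%s\n' "CN = $FQDN"
    } > "$PEGASUS_CONFIG_DIR/ssl.cnf"
  )
  chmod 400 "$PEGASUS_CONFIG_DIR/ssl.cnf"
  chown root "$PEGASUS_CONFIG_DIR/ssl.cnf"
  chgrp root "$PEGASUS_CONFIG_DIR/ssl.cnf"
  cnfChanged=1
fi

if [ "$cnfChanged" -eq 1 ] ||
  [ ! -e "$PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE" ] ||
  [ ! -e "$PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE" ]; then
  # Generate under umask 077 so the private key is owner-only from the moment
  # it is created. This replaces a "chmod 700" on every *.pem in the
  # directory, which left a window after creation, set the execute bit, and
  # also changed the mode of unrelated files such as an existing truststore.
  # The log redirection stays outside the subshell so the log file keeps the
  # caller's umask.
  # NOTE(review): key.pem and cert.pem are scratch names. If
  # PEGASUS_SSL_KEY_FILE or PEGASUS_SSL_CERT_FILE is ever set to one of them,
  # the cp below fails and the rm deletes the result. Confirm that the
  # configured names differ.
  if (
    umask 077
    exec /usr/bin/openssl req -x509 -days 3650 -newkey rsa:2048 \
      -nodes -config "$PEGASUS_CONFIG_DIR/ssl.cnf" \
      -keyout "$PEGASUS_PEM_DIR/key.pem" \
      -out "$PEGASUS_PEM_DIR/cert.pem"
  ) 2>>"$PEGASUS_INSTALL_LOG"; then
    # Install only a complete pair. After a partial openssl failure, copying
    # whichever scratch file exists could overwrite a working key with one
    # that does not match the installed certificate.
    cp -fp "$PEGASUS_PEM_DIR/cert.pem" \
      "$PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE"
    cp -fp "$PEGASUS_PEM_DIR/key.pem" \
      "$PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE"
    chmod 400 "$PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE"
    chmod 444 "$PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE"
  else
    echo "openssl failed to generate the cimserver certificate;" \
      "see $PEGASUS_INSTALL_LOG" >&2
  fi
  # Always remove the scratch files so no stray copy of the key is left.
  rm -f "$PEGASUS_PEM_DIR/key.pem" "$PEGASUS_PEM_DIR/cert.pem"
fi

# Seed the truststore with the server certificate if no truststore exists.
# NOTE(review): this makes the server's own self-signed certificate a trust
# anchor. Confirm that is the intended default for certificate verification.
if [ ! -e "$PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE" ] &&
  [ -e "$PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE" ]; then
  cp -fp "$PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE" \
    "$PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE"
  chmod 444 "$PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE"
fi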