# Install a signed certificate, placing a complimentary copy in the
# user's homedir. Also grant user domtool permissions.
#
# If the certificate comes from the USER's home directory, then don't
# place an extra copy there.
#
# Run this on deleuze as an admin.
#
# Usage: ca-install user domain cert-file.pem [key-file.pem]
# Argument-count check.
# NOTE(review): original lines 14, 16 and 19-26 are missing from this listing,
# so the opening `if`, whatever follows each error message, and the closing
# `fi` are not visible here. Presumably USER, DOMAIN, CERT and KEY are
# assigned from the positional parameters in the missing lines -- confirm
# against the full script.
15 echo "Error: Too many arguments"
17 elif test -z "$3"; then
18 echo "Error: Not enough arguments"
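# Sanity-check some paths
#
# The operands are quoted: with an unquoted empty $CERT, `test ! -f` becomes a
# two-argument test that evaluates to false, so the check would pass instead
# of rejecting the missing path. Quoting also keeps paths containing spaces
# or glob characters intact.
#
# NOTE(review): the lines that follow each error message are not visible in
# this listing; aborting with status 1 is assumed here -- confirm against the
# full script.
if test ! -f "$CERT"; then
  echo "Error: Nonexistent or unreadable cert $CERT"
  exit 1
fi
if test -n "$KEY" && test ! -f "$KEY"; then
  echo "Error: Nonexistent or unreadable key $KEY"
  exit 1
fi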
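# Figure out destination for complimentary copy
#
# NOTE(review): $DOMAIN becomes part of a local path and of the remote path
# the certificate is written to, so it should be a plain domain name (no "/",
# whitespace or shell metacharacters). Its assignment is not visible in this
# listing -- confirm it is validated before this point.
APACHE_DEST="/etc/apache2/ssl/user/${DOMAIN}.pem"

# Look up the user's home directory (field 6 of the passwd entry).
# NOTE(review): USER is also the conventional login-name environment
# variable; presumably the script overrides it from its first argument.
USERHOME=$(getent passwd "$USER" | cut -d: -f6)
if test -z "$USERHOME"; then
  # Without this guard an unknown user leaves USERHOME empty and the script
  # carries on to install the cert and grant permissions for that name.
  echo "Error: Unknown user $USER"
  exit 1
fi

# The complimentary copy goes next to the user's key file. Original lines
# 42-44 are not visible in this listing; DEST stays empty when no key was
# given, which is the case the later `test -z "$DEST"` check reports as
# "No key specified".
DEST=
if test -n "$KEY"; then
  DEST="$(dirname -- "$KEY")/${DOMAIN}.pem"
fi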
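# Perform complimentary copy
#
# NOTE(review): $DEST sits in the directory that holds the user's key, i.e. a
# directory the user controls, while this script runs as an admin. The
# existence check and the copy are separate steps, so the check is advisory
# only; doing the copy as the target user rather than copying as admin and
# chowning afterwards would remove that exposure.
if test -z "$DEST"; then
  echo "No key specified, so skipping complimentary copy"
elif case "$CERT" in "$USERHOME"/*) true ;; *) false ;; esac; then
  # Literal prefix match ending at a path separator. The previous
  # `grep "^$USERHOME"` treated the home path as a regular expression and
  # also matched sibling directories sharing the prefix (/home/al matched
  # /home/alice).
  echo "User already has a cert, skipping the complimentary copy"
elif test -e "$DEST" || test -L "$DEST"; then
  # Refuse anything already present at $DEST, including directories and
  # dangling symlinks, which `test -f` reports as absent.
  echo "Not overwriting existing file $DEST"
else
  echo "Copying signed certificate to user's home directory ..."
  # NOTE(review): the copy command itself (original line 55) is not visible
  # in this listing; a plain cp of $CERT to $DEST is assumed -- confirm
  # against the full script.
  cp -- "$CERT" "$DEST"
  # -h changes the ownership of $DEST itself rather than of whatever a
  # symlink at that path points to.
  chown -h -- "$USER:nogroup" "$DEST"
fi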
60 # Determine whether we need to concatenate a private key
# NOTE(review): original lines 62-63 and 66-69 are missing from this listing,
# so what happens when the marker is found, and how the two `if` statements
# are closed, cannot be read from here.
# NOTE(review): $CERT is unquoted in the grep below; a path containing
# whitespace or glob characters would be split or expanded by the shell.
# NOTE(review): only the "RSA PRIVATE KEY" PEM label is matched. A file
# carrying its key under another label ("-----BEGIN PRIVATE KEY-----",
# "-----BEGIN EC PRIVATE KEY-----") is treated as having no embedded key.
61 if grep "^-----BEGIN RSA PRIVATE KEY-----" $CERT > /dev
/null
; then
64 if test -z "$KEY"; then
65 echo "Error: No private key is included with this certificate"
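# Copy complete certificate to mire
#
# The file is streamed over ssh and written by `sudo tee` on the remote side.
# Local paths are quoted so they are not word-split or glob-expanded, and a
# failed transfer now stops the script instead of falling through to the
# permission grant for a cert that was never installed.
#
# NOTE(review): ssh hands its arguments to the remote shell as one string, so
# the local quotes around $APACHE_DEST do not protect it there; the path is
# only safe if $DOMAIN is a plain domain name.
# NOTE(review): the installed file contains the private key (embedded in the
# cert or appended below) and tee creates it with the remote umask -- confirm
# the target directory or umask keeps it unreadable to other local users.
if test -z "$KEY"; then
  echo "Installing cert to Apache SSL directory ..."
  if ! ssh mire.hcoop.net sudo tee "$APACHE_DEST" < "$CERT" > /dev/null; then
    echo "Error: Failed to install cert on mire.hcoop.net"
    exit 1
  fi
else
  echo "Installing cert to Apache SSL directory, adding key ..."
  if ! cat -- "$CERT" "$KEY" \
    | ssh mire.hcoop.net sudo tee "$APACHE_DEST" > /dev/null; then
    echo "Error: Failed to install cert on mire.hcoop.net"
    exit 1
  fi
fi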
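# Grant Domtool permissions
#
# Arguments are quoted so the user name and certificate path each reach
# domtool-admin as exactly one argument, even when empty or containing
# whitespace or glob characters.
echo "Granting user Domtool permissions for the cert ..."
domtool-admin grant "$USER" cert "$APACHE_DEST"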