#!/bin/bash
#
# Install a signed certificate, placing a complimentary copy in the
-# member's homedir. Also grant member domtool permissions for the
-# certificate.
+# member's homedir. Validation is done on the certificate before
+# allowing it to be installed. Also grant member domtool permissions
+# for the certificate.
#
# If the certificate comes from the member's home directory, then
# don't place an extra copy there.
#
-# Run this on deleuze as an admin.
+# Run this on an administrative node while holding admin tokens.
#
# Usage: ca-install member domain cert-file.pem [key-file.pem]
KEY=$4
fi
-WEBSERVER=mire.hcoop.net
+WEBSERVER=navajos.hcoop.net
function verify_cert () {
if test -z "$2" || test -n "$3"; then
fi
}
-# Make sure we run this from deleuze
-if test "$(hostname -s)" != "deleuze"; then
- echo "Error: This script must be run from deleuze."
+# Make sure we run this from an admin host...
+if test "$(hostname -s)" != "fritz"; then
+ echo "Error: This script must be run from fritz."
exit 1
fi
echo
# Determine whether we need to concatenate a private key
-if grep "^-----BEGIN RSA PRIVATE KEY-----" "$CERT" > /dev/null; then
+if grep "^-----BEGIN PRIVATE KEY-----" "$CERT" > /dev/null; then
KEY=
else
if test -z "$KEY"; then
else
echo "Installing certificate and key to Apache SSL directory ..."
cat "$CERT" "$KEY" | ssh $WEBSERVER sudo tee "$APACHE_DEST" > /dev/null
+ ssh $WEBSERVER sudo chmod 400 "$APACHE_DEST" > /dev/null
fi
echo
domtool-admin grant $MEMBER cert "$APACHE_DEST"
echo
+echo "Restarting apache ..."
+ssh $WEBSERVER sudo apache2ctl restart
+echo
+
# Tell admin what to do
echo "Done. Tell $MEMBER that the certificate is available for use at"
echo " $APACHE_DEST"
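Review bot: The new `sudo chmod 400` on the line after the `tee` (L43) tightens permissions only after the key has already been written: `sudo tee` creates `$APACHE_DEST` under the remote default umask (typically 0644), so the concatenated certificate and private key is briefly readable by every local user on the web server. Create it restrictively from the start, e.g. `cat "$CERT" "$KEY" | ssh "$WEBSERVER" "umask 077 && sudo tee '$APACHE_DEST'" > /dev/null` (with sudo's default umask policy, which keeps the more restrictive of its own and the caller's umask, the file is born 0600) and keep the chmod as a second line of defence; since `$APACHE_DEST` is interpolated into the remote command line, reject values containing quotes or shell metacharacters before this point. Relatedly, the grep on line 36 now matches only the PKCS#8 `BEGIN PRIVATE KEY` header, so a certificate file that carries a PKCS#1 `BEGIN RSA PRIVATE KEY` or `BEGIN EC PRIVATE KEY` block is no longer detected as already containing a key; `grep -q -- '^-----BEGIN .*PRIVATE KEY-----' "$CERT"` covers all three. The unconditional `apache2ctl restart` on line 49 drops in-flight connections and its exit status is ignored, so a bad install can leave Apache down silently; `ssh "$WEBSERVER" sudo apache2ctl configtest && ssh "$WEBSERVER" sudo apache2ctl graceful || exit 1` would fail loudly instead. The if/else enclosing lines 41–44 starts outside the shown context and the diff elides most context lines, so the branch that installs a file already containing a key (line 36's then-branch) should be checked for the same umask issue.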