ca-install fixes

* Scan for correct string in key file
* Ensure no one but apache can read the pem on the webserver
* Reload apache after install so the user can actually use it

diff --git a/ca-install b/ca-install
index dc6cc5a..3eb2d5c 100755 (executable)
--- a/ca-install
+++ b/ca-install
@@ -102,7 +102,7 @@ fi
 echo
 
 # Determine whether we need to concatenate a private key
-if grep "^-----BEGIN RSA PRIVATE KEY-----" "$CERT" > /dev/null; then
+if grep "^-----BEGIN PRIVATE KEY-----" "$CERT" > /dev/null; then
     KEY=
 else
     if test -z "$KEY"; then
@@ -128,6 +128,7 @@ if test -z "$KEY"; then
 else
     echo "Installing certificate and key to Apache SSL directory ..."
     cat "$CERT" "$KEY" | ssh $WEBSERVER sudo tee "$APACHE_DEST" > /dev/null
+    ssh $WEBSERVER sudo chmod 400 "$APACHE_DEST" > /dev/null
 fi
 echo
 
@@ -136,6 +137,10 @@ echo "Granting member Domtool permissions for the certificate ..."
 domtool-admin grant $MEMBER cert "$APACHE_DEST"
 echo
 
+echo "Restarting apache ..."
+ssh $WEBSERVER sudo apache2ctl restart
+echo
+
 # Tell admin what to do
 echo "Done.  Tell $MEMBER that the certificate is available for use at"
 echo "  $APACHE_DEST"