From: clinton_admin
Date: Tue, 29 Apr 2014 01:26:57 +0000 (-0400)
Subject: ca-install fixes
X-Git-Url: https://git.hcoop.net/hcoop/scripts.git/commitdiff_plain/139107908a1f2611ea13cc4bc702ec82cc6edc4e

ca-install fixes

* Scan for correct string in key file
* Ensure no one but apache can read the pem on the webserver
* Reload apache after install so the user can actually use it
---

diff --git a/ca-install b/ca-install
index dc6cc5a..3eb2d5c 100755
--- a/ca-install
+++ b/ca-install
@@ -102,7 +102,7 @@ fi
 echo

 # Determine whether we need to concatenate a private key
-if grep "^-----BEGIN RSA PRIVATE KEY-----" "$CERT" > /dev/null; then
+if grep "^-----BEGIN PRIVATE KEY-----" "$CERT" > /dev/null; then
 KEY=
 else
 if test -z "$KEY"; then
@@ -128,6 +128,7 @@ if test -z "$KEY"; then
 else
 echo "Installing certificate and key to Apache SSL directory ..."
 cat "$CERT" "$KEY" | ssh $WEBSERVER sudo tee "$APACHE_DEST" > /dev/null
+ ssh $WEBSERVER sudo chmod 400 "$APACHE_DEST" > /dev/null
 fi
 echo

@@ -136,6 +137,10 @@ echo "Granting member Domtool permissions for the certificate ..."
 domtool-admin grant $MEMBER cert "$APACHE_DEST"
 echo

+echo "Restarting apache ..."
+ssh $WEBSERVER sudo apache2ctl restart
+echo
+
 # Tell admin what to do
 echo "Done. Tell $MEMBER that the certificate is available for use at"
 echo " $APACHE_DEST"
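Review bot: In the hunk at `@@ -102`, the new pattern `^-----BEGIN PRIVATE KEY-----` no longer matches the `-----BEGIN RSA PRIVATE KEY-----` header the old line looked for, so a combined PEM in that older format is now treated as containing no key. Both headers are valid PEM encodings of a private key, so the check should accept either, for example `if grep -Eq -- '^-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$CERT"; then`. The `if`/`else` block continues past the end of the hunk, so how the unmatched case is handled is not visible here.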
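Review bot: In the hunk at `@@ -128`, the combined certificate and key is written by `sudo tee` first and only tightened by the added `chmod 400` in a second ssh call. Until that call completes the file has whatever mode tee's umask gives it (typically world-readable), and it stays that way if the second ssh fails, since neither exit status is checked. Creating the file with its final mode closes the window, for example `cat "$CERT" "$KEY" | ssh "$WEBSERVER" sudo install -m 0400 /dev/stdin "$APACHE_DEST"`. The chmod is also added only to this `else` branch; the `test -z "$KEY"` branch starts outside the hunk, but the first hunk empties KEY when the certificate file already holds a private key, so that path presumably installs key material as well and should get the same mode.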
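Review bot: In the hunk at `@@ -136`, the added line runs a full `apache2ctl restart`, which drops in-flight connections for every site on the server, where the commit message only asks for a reload. Its exit status is also ignored, so the script goes on to print "Done" even if Apache did not come back up. A checked graceful reload matches the stated intent: `ssh "$WEBSERVER" sudo apache2ctl graceful || { echo "Apache reload failed on $WEBSERVER" >&2; exit 1; }`.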