自动更新SSL Cert的一个脚本
下面这段脚本自动读取系统当前的IP地址和时区信息,用这些信息生成一个自签名的SSL证书(Certificate),更新到apache目录,并重启apache。
#
# update_ssl_cert
#
# Regenerate the SSL certificate on initialization
# and whenever the IP address changes
#
# by Robert on 20070109
#
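update_ssl_cert()
{
  # Regenerate the self-signed certificate and private key served by Apache.
  # State/Locality come from ZONE in /etc/sysconfig/clock, the Common Name
  # is the IPv4 address of eth0. Both files are then installed under
  # /usr/local/httpd/conf and httpd is restarted.
  #
  # Globals:  ZONE (read after sourcing /etc/sysconfig/clock);
  #           zone, city, ipaddr (written, as in the original)
  # Returns:  status of the httpd restart on success; non-zero as soon as
  #           any earlier step fails, in which case httpd is NOT restarted.
  #
  # NOTE(review): the certificate is self-signed and carries the address
  # only in the Common Name (no subjectAltName), so clients cannot validate
  # it against a CA and current browsers will not match it by CN alone.
  local workdir status

  # get zone, city and IP address
  if [ ! -r /etc/sysconfig/clock ]; then
    echo "update_ssl_cert: cannot read /etc/sysconfig/clock" >&2
    return 1
  fi
  . /etc/sysconfig/clock
  zone=${ZONE%%/*}
  city=${ZONE##*/}
  # Relies on the classic net-tools "inet addr:a.b.c.d" output format.
  ipaddr=$(ifconfig eth0 | awk '/inet addr/ { gsub("addr:", "", $2); print $2; }')
  if [ -z "$ipaddr" ]; then
    # Without an address the certificate would be issued with no CN and
    # would replace a working one; stop before touching anything.
    echo "update_ssl_cert: no IPv4 address found on eth0" >&2
    return 1
  fi

  # Build the key pair in a private scratch directory so the private key is
  # never written, even briefly, to a shared or world-readable location.
  workdir=$(mktemp -d) || return 1

  (
    # Subshell: umask and cwd changes do not leak into the caller.
    umask 077
    cd "$workdir" || exit 1

    # 1. gen private key (2048 bits; 1024-bit RSA is no longer acceptable)
    openssl genrsa -out server.key 2048 >/dev/null 2>&1 || exit 1

    # 2. gen certificate request; the answers feed openssl's prompts in
    #    order: country (default), state, locality, organisation, unit
    #    (default), common name, then the remaining optional fields.
    printf '\n%s\n%s\nMy Company\n\n%s\n\n\n\n\n' "$zone" "$city" "$ipaddr" |
      openssl req -new -key server.key -out server.csr 2>/dev/null || exit 1

    # 3. self-sign the certificate with an explicit SHA-256 digest
    openssl x509 -req -sha256 -days 1825 -in server.csr \
      -signkey server.key -out server.crt >/dev/null 2>&1 || exit 1

    # The certificate is public; the key stays owner-only (umask 077).
    chmod 644 server.crt || exit 1

    # update the cert and key to the destination
    /bin/mv -f server.crt /usr/local/httpd/conf/ssl.crt/server.crt || exit 1
    /bin/mv -f server.key /usr/local/httpd/conf/ssl.key/server.key || exit 1
  )
  status=$?
  rm -rf -- "${workdir:?}"

  if [ "$status" -ne 0 ]; then
    echo "update_ssl_cert: certificate generation or install failed" >&2
    return "$status"
  fi

  # restart httpd only once a complete, matching cert/key pair is in place
  /etc/init.d/httpd restart >/dev/null 2>&1
}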