From 1ec66f26e66147ab5a4932f53ebcafcf1c24bb27 Mon Sep 17 00:00:00 2001
From: miriel
Date: Sun, 24 May 2020 21:51:05 +0000
Subject: [PATCH] Actualizar certificados
---
update_certificate.sh | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 update_certificate.sh
diff --git a/update_certificate.sh b/update_certificate.sh
new file mode 100644
index 0000000..4e9b394
--- /dev/null
+++ b/update_certificate.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+
+DOMAIN="jabber.vc.hidro.cu"
+
+cd /etc/ssl
+
+# Creo un certificado combinado con cert y CA chain
+cat ${DOMAIN}_cert.pem ${DOMAIN}_chain.pem > ${domain_chained}.pem
+
+
+# Detengo el servicio de OpenFiere
+/bin/systemctl stop openfire
+
+# Hago una copia de seguridad del archivo de certificados de openfire
+cp /usr/share/openfire/resources/security/keystore /usr/share/openfire/resources/security/keystore.bak_$(date +%Y-%m-%d)
+cp /usr/share/openfire/resources/security/truststore /usr/share/openfire/resources/security/truststore.bak_$(date +%Y-%m-%d)
+
+#Elimino el archivo de certificados de openfiore para generar uno nuevo
+rm -f /usr/share/openfire/resources/security/keystore
+rm -f /usr/share/openfire/resources/security/truststore
+
+#genero un nuevo archivo de certificados con el de LE
+keytool -import -trustcacerts -storepass changeit -alias "Let's Encrypt Authority X3" -file /etc/ssl/${DOMAIN}_chain.pem -keystore /usr/share/openfire/resources/security/truststore >/dev/null
+
+openssl pkcs12 -export -in /etc/ssl/${domain_chained}.pem -inkey /etc/ssl/${DOMAIN}_key.pem -out /etc/ssl/${DOMAIN}.allwithkey.p12 \
+ -name ${DOMAIN} -CAfile /etc/ssl/${DOMAIN}_chain.pem -passout pass:"changeit"
+
+chown root.root /etc/ssl/${DOMAIN}.allwithkey.p12
+chmod 640 /etc/ssl/${DOMAIN}.allwithkey.p12
+
+keytool -importkeystore -deststorepass changeit -srcstorepass changeit \
+ -destkeystore /usr/share/openfire/resources/security/keystore \
+ -srckeystore /etc/ssl/${DOMAIN}.allwithkey.p12 -srcstoretype PKCS12 -alias ${DOMAIN}
+
+keytool -import -trustcacerts -storepass changeit -alias "Let's Encrypt Authority X3" -file /etc/ssl/${DOMAIN}_chain.pem -keystore /usr/share/openfire/resources/security/keystore
+
+/bin/systemctl start openfire
-- GitLab
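Review bot: `${domain_chained}` is never assigned (only `DOMAIN` is set), so the `cat` redirect and the `openssl pkcs12 -in` argument both expand to `/etc/ssl/.pem`, and the script works only because the two typos match. There is also no `set -e` or exit-status check, and the `rm -f` of the keystore and truststore runs before the PKCS12 is built, so a failing `cd`, `openssl` or `keytool` leaves Openfire restarted with no usable stores; building the bundle first, as sketched below, keeps the destructive steps behind a successful export. The `.allwithkey.p12` holds the private key but is created under the default umask and only tightened by `chmod` afterwards, and it is left in `/etc/ssl` after the import. The store password `changeit` is passed on every command line and so is readable from the process list while the tools run; `keytool` can take it from `-storepass:env` or `-storepass:file` instead.

```shell
#!/bin/bash
set -euo pipefail
umask 077   # the PKCS12 written below contains the private key

DOMAIN="jabber.vc.hidro.cu"
chained="/etc/ssl/${DOMAIN}_chained.pem"
p12="/etc/ssl/${DOMAIN}.allwithkey.p12"

cd /etc/ssl
cat "${DOMAIN}_cert.pem" "${DOMAIN}_chain.pem" > "$chained"

# Build the bundle before stopping the service or deleting anything.
openssl pkcs12 -export -in "$chained" -inkey "/etc/ssl/${DOMAIN}_key.pem" -out "$p12" \
  -name "$DOMAIN" -CAfile "/etc/ssl/${DOMAIN}_chain.pem" -passout pass:"changeit"

# … unchanged: stop openfire, back up and remove keystore/truststore, keytool imports, start openfire …
```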