Commit 1ec66f26 authored by miriel's avatar miriel

Actualizar certificados

parent da67473a
Pipeline #898 failed with stages
#!/bin/bash
DOMAIN="jabber.vc.hidro.cu"
cd /etc/ssl
# Creo un certificado combinado con cert y CA chain
cat ${DOMAIN}_cert.pem ${DOMAIN}_chain.pem > ${domain_chained}.pem
# Detengo el servicio de OpenFiere
/bin/systemctl stop openfire
# Hago una copia de seguridad del archivo de certificados de openfire
cp /usr/share/openfire/resources/security/keystore /usr/share/openfire/resources/security/keystore.bak_$(date +%Y-%m-%d)
cp /usr/share/openfire/resources/security/truststore /usr/share/openfire/resources/security/truststore.bak_$(date +%Y-%m-%d)
#Elimino el archivo de certificados de openfiore para generar uno nuevo
rm -f /usr/share/openfire/resources/security/keystore
rm -f /usr/share/openfire/resources/security/truststore
#genero un nuevo archivo de certificados con el de LE
keytool -import -trustcacerts -storepass changeit -alias "Let's Encrypt Authority X3" -file /etc/ssl/${DOMAIN}_chain.pem -keystore /usr/share/openfire/resources/security/truststore >/dev/null
openssl pkcs12 -export -in /etc/ssl/${domain_chained}.pem -inkey /etc/ssl/${DOMAIN}_key.pem -out /etc/ssl/${DOMAIN}.allwithkey.p12 \
-name ${DOMAIN} -CAfile /etc/ssl/${DOMAIN}_chain.pem -passout pass:"changeit"
chown root.root /etc/ssl/${DOMAIN}.allwithkey.p12
chmod 640 /etc/ssl/${DOMAIN}.allwithkey.p12
keytool -importkeystore -deststorepass changeit -srcstorepass changeit \
-destkeystore /usr/share/openfire/resources/security/keystore \
-srckeystore /etc/ssl/${DOMAIN}.allwithkey.p12 -srcstoretype PKCS12 -alias ${DOMAIN}
keytool -import -trustcacerts -storepass changeit -alias "Let's Encrypt Authority X3" -file /etc/ssl/${DOMAIN}_chain.pem -keystore /usr/share/openfire/resources/security/keystore
/bin/systemctl start openfire
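Review bot: `${domain_chained}` on the `cat` line and again in the `openssl pkcs12 -in` argument is never assigned (only `DOMAIN` is), so it expands to the empty string and the combined certificate is written to and read from `/etc/ssl/.pem`; it was presumably meant to be `${DOMAIN}_chained.pem`. The script has no `set -euo pipefail` and does not check `cd /etc/ssl` or the two `cp` backups, so a failure in an earlier step still reaches the `rm -f` of the keystore and truststore and can leave Openfire stopped without usable stores; adding `set -euo pipefail` after the shebang would abort on those failures and turn the unset variable into an error. The store password `changeit` is passed on the command line (`-storepass`, `-srcstorepass`, `-deststorepass`, `-passout pass:`), where it is visible in the process list, and the PKCS#12 file holding the private key stays in `/etc/ssl` at mode 640 protected only by that default value; reading the password from a root-only file (`-passout file:PATH`, `-storepass:file PATH`) and deleting the `.p12` after the import would limit the exposure. Neither `keytool -import` call passes `-noprompt`, so an unattended run may stop at the trust confirmation while the service is down.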