dm_create_ca.sh 1.19 KiB
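#!/bin/bash
#
# dm_create_ca.sh - create the DM certificate authority: a self-signed root
# certificate and its private key under $DM_INSTALL_DIR/etc/CA.
#
# Usage: dm_create_ca.sh [--force]
#   --force   delete an existing CA tree (lock file present) and recreate it
#
# Environment:
#   DM_ROOT_DIR     defaults to the parent of this script's directory
#   DM_INSTALL_DIR  defaults to the parent of DM_ROOT_DIR
#
# Exit status: 0 on success, 255 if the CA already exists and --force was
# not given, 254 on any failure.

sbindir=$(dirname -- "$0")

# Set root/run directories. The cd happens in this shell, as before, so
# later relative lookups see the same working directory.
if [ -z "${DM_ROOT_DIR:-}" ]; then
  cd -- "$sbindir/.." || { echo "Cannot cd to '$sbindir/..'." >&2; exit 254; }
  DM_ROOT_DIR=$(pwd)
  export DM_ROOT_DIR
fi
if [ -z "${DM_INSTALL_DIR:-}" ]; then
  cd -- "$DM_ROOT_DIR/.." || { echo "Cannot cd to '$DM_ROOT_DIR/..'." >&2; exit 254; }
  DM_INSTALL_DIR=$(pwd)
  export DM_INSTALL_DIR
fi

CA_ROOT=$DM_INSTALL_DIR/etc/CA
CA_CONFIG=$DM_ROOT_DIR/etc/dm.openssl.conf
CA_DESC="DM Certificate Authority"
LOCKFILE=$CA_ROOT/dm-ca.lock

echo "Creating $CA_DESC"

# Check for lock file: it marks a CA that was already created successfully.
if [ -f "$LOCKFILE" ]; then
  if [ "${1:-}" != "--force" ]; then
    echo "$0 has already been run and there is no need to re-run it."
    exit 255
  fi
  # Clean up CA. ${CA_ROOT:?} aborts instead of expanding to an empty path,
  # and a failed removal stops the run so that old key material is never
  # mixed with a new CA.
  rm -rf -- "${CA_ROOT:?}" || { echo "Cannot remove '$CA_ROOT'." >&2; exit 254; }
fi

# Create the log with mktemp: a predictable name in /tmp (the PID was used
# before) can be pre-created or symlinked by another local user, and the
# append redirection below would then write through it.
LOG_FILE=$(mktemp /tmp/dm-ca.log.XXXXXX) || { echo "Cannot create log file in /tmp." >&2; exit 254; }

# Prep directory
# HOSTNAME is not referenced again in this script; presumably the openssl
# config reads it from the environment - confirm before removing.
HOSTNAME=$(hostname)
for ca_subdir in newcerts certs certreqs private crl; do
  mkdir -p -- "$CA_ROOT/$ca_subdir" || { echo "Cannot create '$CA_ROOT/$ca_subdir'." >&2; exit 254; }
done
# The CA key below is written unencrypted (-nodes), so filesystem
# permissions are its only protection: keep the key directory owner-only.
chmod 700 -- "$CA_ROOT/private" || { echo "Cannot restrict '$CA_ROOT/private'." >&2; exit 254; }
touch -- "$CA_ROOT/index.txt"
echo "01" > "$CA_ROOT/serial"

# Self-signed root certificate, valid for 3650 days. The here-document feeds
# $CA_DESC to openssl's interactive prompt (presumably the only field that
# dm.openssl.conf asks for - confirm against the config).
# NOTE(review): -nodes leaves cakey.pem without a passphrase; anyone who can
# read that file can issue certificates under this CA.
if openssl req -days 3650 -nodes -new -x509 \
  -keyout "$CA_ROOT/private/cakey.pem" \
  -out "$CA_ROOT/cacert.pem" \
  -config "$CA_CONFIG" >> "$LOG_FILE" 2>&1 << EOF
$CA_DESC
EOF
then
  # Set the lockfile only after openssl succeeded, so a failed run can be
  # repeated without --force.
  echo "Created $CA_DESC"
  touch -- "$LOCKFILE"
  exit 0
else
  echo "Error creating CA: check '$LOG_FILE'."
  exit 254
fi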