From 66dd8eab93e40c590e6ea23a85783804a6bca281 Mon Sep 17 00:00:00 2001
From: "kload@kload.fr"
Date: Thu, 9 Oct 2014 11:34:41 +0200
Subject: [PATCH] Update regenerate_certificate.md
---
 regenerate_certificate.md | 37 ++++++++++++++++++++-----------------
 1 file changed, 20 insertions(+), 17 deletions(-)
diff --git a/regenerate_certificate.md b/regenerate_certificate.md
index b36242a7..bf067e83 100644
--- a/regenerate_certificate.md
+++ b/regenerate_certificate.md
@@ -1,6 +1,6 @@
 # Regenerate certificate

-If you want to generate again -- not renewing -- a certificate for domain, you can follow those steps:
+If you want to generate again -- not renewing -- a certificate for a domain, you can follow those steps:

 (replace **example.org** with your domain)

@@ -8,33 +8,36 @@ If you want to generate again -- not renewing -- a certificate for domain, you c
 # Save YunoHost's SSL directory location for readability
 ssldir=/usr/share/yunohost/yunohost-config/ssl/yunoCA

-# Backup current certificates for your domain
-cp -a /etc/yunohost/certs/example.org /etc/yunohost/certs/example.org.back
-
-# Remove certs and configuration file in it
-rm /etc/yunohost/certs/example.org/{crt.pem,key.pem,openssl.cnf}
-
-# Copy openSSL's configuration file
-cp $ssldir/openssl.cnf /etc/yunohost/certs/
+# Save the final SSL path (do not forget to change your domain)
+finalpath=/etc/yunohost/certs/example.org

 # Save the serial number of the new certificate
 serial=$(cat "$ssldir/serial")

+# Backup current certificates for your domain
+cp -a $finalpath $finalpath.back
+
+# Remove certs and configuration file in it
+rm $finalpath/{crt.pem,key.pem,openssl.cnf}
+
+# Copy openSSL's configuration file
+cp $ssldir/openssl.cnf $finalpath/
+
 # Generate certificate and key
-openssl req -new -config /etc/yunohost/certs/openssl.cnf -days 3650 -out $ssldir/certs/yunohost_csr.pem -keyout $ssldir/certs/yunohost_key.pem -nodes -batch
+openssl req -new -config $finalpath/openssl.cnf -days 3650 -out $ssldir/certs/yunohost_csr.pem -keyout $ssldir/certs/yunohost_key.pem -nodes -batch

 # Sign certificate with your server's CA
-openssl ca -config /etc/yunohost/certs/openssl.cnf -days 3650 -in $ssldir/certs/yunohost_csr.pem -out $ssldir/certs/yunohost_crt.pem -batch
+openssl ca -config $finalpath/openssl.cnf -days 3650 -in $ssldir/certs/yunohost_csr.pem -out $ssldir/certs/yunohost_crt.pem -batch

 # Copy certificate and key to the right place
-cp $ssldir/newcerts/$serial.pem /etc/yunohost/certs/crt.pem
-cp $ssldir/certs/yunohost_key.pem /etc/yunohost/certs/key.pem
+cp $ssldir/newcerts/$serial.pem $finalpath/crt.pem
+cp $ssldir/certs/yunohost_key.pem $finalpath/key.pem

 # Fix permissions
-chmod 755 /etc/yunohost/certs
-chmod 640 /etc/yunohost/certs/key.pem /etc/yunohost/certs/crt.pem
-chmod 600 /etc/yunohost/certs/openssl.cnf
+chmod 755 $finalpath
+chmod 640 $finalpath/key.pem $finalpath/crt.pem
+chmod 600 $finalpath/openssl.cnf

 # Allow metronome to access those certificates
-chown root:metronome /etc/yunohost/certs/key.pem /etc/yunohost/certs/crt.pem
+chown root:metronome $finalpath/key.pem $finalpath/crt.pem
 ```
\ No newline at end of file