50 lines
1.3 KiB
Bash
50 lines
1.3 KiB
Bash
|
#!/bin/bash
|
||
|
|
|
||
|
|
# 6184 - This script generates the SSL certificate and key for the replication
|
||
|
|
# DB user on central registry servers.
|
||
|
|
#
|
||
|
|
# Run as root on every central registry server.
|
||
|
|
# Set the ca_dir variable to the location of ca.crt and ca.key before running
|
||
|
|
# this script.
|
||
|
|
#
|
||
|
|
# Author: tgurney
|
||
|
|
|
||
|
|
# Path to directory containing ca.crt and ca.key
|
||
|
|
ca_dir=
|
||
|
|
#ca_dir=/etc/pki/a2pgca/ca/
|
||
|
|
ssl_dir=/awips2/database/ssl
|
||
|
|
replication_ssl_dir="${ssl_dir}"/replication/$(hostname -s)
|
||
|
|
|
||
|
|
if [[ "${ca_dir}" == "" ]]; then
|
||
|
|
echo ERROR: ca_dir variable is not set.
|
||
|
|
echo Open this script file and set ca_dir to the directory containing
|
||
|
|
echo ca.key and ca.crt.
|
||
|
|
exit 1
|
||
|
|
fi
|
||
|
|
|
||
|
|
if [[ ! -f "${ca_dir}"/ca.crt || ! -f "${ca_dir}"/ca.key ]]; then
|
||
|
|
echo "ERROR: ca.crt or ca.key missing from ${ca_dir}"
|
||
|
|
echo Open this script file and set ca_dir to the directory containing
|
||
|
|
echo ca.key and ca.crt.
|
||
|
|
exit 1
|
||
|
|
fi
|
||
|
|
|
||
|
|
sudo -u awips mkdir -m 700 -p "${replication_ssl_dir}"
|
||
|
|
|
||
|
|
cd "${replication_ssl_dir}"
|
||
|
|
|
||
|
|
openssl req -new -nodes \
|
||
|
|
-subj '/O=AWIPS DB Auth/OU=NCF/CN=replication' \
|
||
|
|
-out replication.req \
|
||
|
|
-keyout replication.key
|
||
|
|
|
||
|
|
openssl x509 -req \
|
||
|
|
-in replication.req \
|
||
|
|
-out replication.crt \
|
||
|
|
-days 1825 \
|
||
|
|
-CA "${ca_dir}"/ca.crt \
|
||
|
|
-CAkey "${ca_dir}"/ca.key \
|
||
|
|
-CAcreateserial
|
||
|
|
|
||
|
|
cp "${ssl_dir}"/root.crt .
|