generated from caltechlibrary/template
-
Notifications
You must be signed in to change notification settings - Fork 2
/
certbot2saml.bash
56 lines (47 loc) · 1.21 KB
/
certbot2saml.bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#!/bin/bash
echo $(readlink -f $0)
SCRIPTNAME=$(readlink -f $0)
DNAME=$(dirname ${SCRIPTNAME})
cd "${DNAME}"
if [ $USER != "root" ]; then
cat <<EOT
ERROR: This script is run from the root account only since it works
with prividged keys.
EOT
exit 1
fi
HOSTNAME="data.caltechlibrary.dev"
if [ ! -d ./saml ]; then
cat <<EOT
You need to setup the ./saml directory, e.g.
mkdir saml
chown -R ubuntu:ubuntu saml
chmod ug=rwxs,o= saml
chmod ug=r,o= sam/sp.key
chmod ugo=r sam/sp.crt
EOT
exit 1
fi
cp -vp "/etc/letsencrypt/live/${HOSTNAME}/privkey.pem" ./saml/
cp -vp "/etc/letsencrypt/live/${HOSTNAME}/fullchain.pem" ./saml/
# This converts /etc/letsencrypt/live/$HOSTNAME/privkey.pem
# to ./saml/sp.key
if openssl rsa -in ./saml/privkey.pem -out ./saml/sp.key; then
echo "./saml/sp.key created"
chmod ug=r,o= ./saml/sp.key
else
echo "Error creating ./saml/sp.key"
exit 1
fi
# This converts /etc/letsencrypt/live/$HOSTNAME/fullchain.pem
# to ./saml/sp.crt
if openssl x509 -in ./saml/fullchain.pem -out ./saml/sp.crt; then
echo "./saml/sp.crt created"
chmod ugo=r ./saml/sp.crt
else
echo "Error creating ./saml/sp.cert"
exit 1
fi
# Cleanup unneeded files after conversion
rm ./saml/privkey.pem
rm ./saml/fullchain.pem