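#!/bin/bash
#################################################################
# Script name:  gen_ssl_key.sh
# Author(s):    Marc Elliot Hall
# Version:      0.2
# Created:      2009-03-12
# Modified:     2009-04-05
#
# Description:  Script to generate an SSL key, good for one year.
#               Run from cron once per year.
#
# Notes:        Generates an RSA key, a CSR and a self-signed
#               certificate for ${domain}, rebuilds the combined
#               apache.pem (private key followed by certificate),
#               installs copies under ${ssl_dir}/private and
#               ${ssl_dir}/certs, then restarts apache2 and reloads
#               postfix.
#
#               "openssl req" prompts for the certificate subject
#               on stdin unless ${subject} is set below; an
#               unattended cron run needs ${subject}.
#
#               Key generation and signing are checked before any
#               live file is touched, so a failed run leaves the
#               existing apache.pem in place.
#
# Usage:        Call from crontab
#                 ./gen_ssl_key.sh
#               ./gen_ssl_key.sh and supply keyboard input (stdin)
#
# License:      Made available under GNU GPL v 2.0 as found here:
#               http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
#               (or a later version at the original author's
#               discretion)
#
#################################################################
#################################################################

# Catch typos in variable names; failures of individual commands are
# handled explicitly below rather than with "set -e".
set -u

debug="1"                                   # not read anywhere in this script
domain="example.com"
key_bits=2048                               # 1024-bit RSA is too weak for new keys
subject=""                                  # optional, e.g. "/CN=example.com"; empty = prompt
ssl_dir="/etc/ssl"
apache_ssl_config_dir="/etc/apache-ssl"
apache_config_dir="/etc/apache2"
date="$(/bin/date +%Y%m%d)"

apache_pem="${apache_ssl_config_dir}/apache.pem"

# Print a message to stderr and abort.
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

# Print a message to stderr and carry on.
warn() {
  printf '%s: warning: %s\n' "${0##*/}" "$*" >&2
}

# Every file created from here on (key, CSR, certificate, bundle) starts
# out readable by the owner only, so the private key is never briefly
# world-readable between creation and chmod.
umask 077

# Without this check a failed cd would write the key into whatever the
# current directory happens to be.
cd "${ssl_dir}" || die "cannot cd to ${ssl_dir}"

# --- Generate key, CSR and self-signed certificate -------------------
openssl genrsa -out "${domain}.key" "${key_bits}" \
  || die "key generation failed"

req_args=(req -new -sha256 -key "${domain}.key" -out "${domain}.csr")
if [[ -n "${subject}" ]]; then
  req_args+=(-subj "${subject}")
fi
openssl "${req_args[@]}" || die "CSR generation failed"

# -sha256 pins the signature digest instead of relying on the OpenSSL
# build's default.
openssl x509 -req -sha256 -days 365 \
  -in "${domain}.csr" -signkey "${domain}.key" -out "${domain}.crt" \
  || die "certificate signing failed"

mv -- "${ssl_dir}/${domain}.csr" "${ssl_dir}/${domain}.csr.${date}" \
  || warn "could not archive ${domain}.csr"

# --- Rebuild the combined key+certificate bundle ---------------------
# The dated backup still contains the previous private key; the rename
# keeps its existing mode. A first run has nothing to back up.
if [[ -e "${apache_pem}" ]]; then
  mv -- "${apache_pem}" "${apache_pem}.${date}" \
    || die "cannot back up ${apache_pem}"
fi

cp -p -- "${domain}.key" "${apache_pem}" || die "cannot write ${apache_pem}"
cat -- "${domain}.crt" >> "${apache_pem}" || die "cannot append certificate to ${apache_pem}"
chmod 600 -- "${apache_pem}" || die "cannot restrict ${apache_pem}"

# Hard-link the bundle into the apache2 configuration directory.
rm -f -- "${apache_config_dir}/apache.pem"
ln -- "${apache_pem}" "${apache_config_dir}/apache.pem" \
  || die "cannot link ${apache_config_dir}/apache.pem"

# This copy lives under certs/ but CONTAINS THE PRIVATE KEY; cp -p
# carries over mode 600 from the bundle and it must stay that way.
cp -p -- "${apache_pem}" "${ssl_dir}/certs/ssl-cert-${domain}.pem" \
  || die "cannot install ssl-cert-${domain}.pem"

# --- Install key and certificate, tighten permissions ----------------
mv -- "./${domain}.key" "${ssl_dir}/private/" || die "cannot install private key"
chmod 600 "${ssl_dir}"/private/* || warn "chmod on ${ssl_dir}/private failed"
chown root:ssl-cert "${ssl_dir}/private/${domain}.key" \
  || warn "chown on ${domain}.key failed"

mv -- "${domain}.crt" "${ssl_dir}/certs/" || die "cannot install certificate"

# The original ran "chmod 600 ${ssl_dir}/hall*", which matches nothing
# for any other ${domain}. NOTE(review): presumably that pattern was the
# author's own domain; it is generalized to ${domain}* here -- confirm.
for leftover in "${ssl_dir}/${domain}"*; do
  [[ -e "${leftover}" ]] || continue
  chmod 600 -- "${leftover}"
done

chmod 600 -- "${ssl_dir}/certs/${domain}.crt" \
  || warn "chmod on ${domain}.crt failed"

# NOTE(review): nothing in this script creates certs/${domain}.pem. If
# that file exists it is made group/world readable as before; confirm it
# holds only the certificate and never the private key.
if [[ -e "${ssl_dir}/certs/${domain}.pem" ]]; then
  chmod go+r -- "${ssl_dir}/certs/${domain}.pem"
fi

# --- Pick up the new certificate -------------------------------------
# The original invoked "etc/init.d/./apache2" without the leading slash,
# which resolved relative to ${ssl_dir} and could never start apache2.
/etc/init.d/apache2 restart || warn "apache2 restart failed"
/etc/init.d/postfix reload || warn "postfix reload failed"

#cat "$@" | tr 'a-zA-Z' 'n-za-mN-ZA-M'   # "a" goes to "n", "b" to "o", etc.
#  The 'cat "$@"' construction
#  permits getting input either from stdin or from files.
#  (Commented-out snippet kept from the original; it plays no part in
#  key generation.)

exit 0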