From 03799b8360ff75ae96c3e38e523e0fe8f3150f36 Mon Sep 17 00:00:00 2001
From: "Kyle J. McKay"
Date: Sun, 29 Nov 2020 04:14:45 -0700
Subject: [PATCH] install.sh: create a www_fullchain.pem file
Apache has a "unique" configuration setup where the server's leaf certificate is configured by the `SSLCertificateFile` directive but the rest of the server's certificate chain is set using the `SSLCertificateChainFile` directive. Other server software just has a single directive that specifies a file that starts with the server's leaf and may also contain the rest of the certificate chain in order in that same file. Create a ..._www_fullchain.pem file that contains this full certificate chain during installation in case it might be needed by non-Apache server software.
Signed-off-by: Kyle J. McKay
---
 install.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/install.sh b/install.sh
index 49048d7..c1fa044 100755
--- a/install.sh
+++ b/install.sh
@@ -1034,7 +1034,8 @@ if [ -n "$cfg_httpspushurl" ]; then
 if ! [ -e "$cfg_certsdir/girocco_root_crt.pem" ]; then
 createcert --root --key "$cfg_certsdir/girocco_root_key.pem" \
 --out "$cfg_certsdir/girocco_root_crt.pem" "girocco $cfg_nickname root certificate"
- rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem"
+ rm -f "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem" \
+ "$cfg_certsdir/girocco_www_fullchain.pem"
 rm -f "$cfg_certsdir/girocco_client_crt.pem" "$cfg_certsdir/girocco_client_suffix.pem"
 rm -f "$cfg_certsdir/girocco_mob_user_crt.pem"
 rm -f "$cfg_chroot/etc/sshcerts"/*.pem
@@ -1055,12 +1056,18 @@ if [ -n "$cfg_httpspushurl" ]; then
 --cert "$cfg_certsdir/girocco_root_crt.pem" $wwwcertdns \
 --out "$cfg_certsdir/girocco_www_crt.pem" "$cfg_httpsdnsname"
 printf '%s\n' "$wwwcertdns" >"$cfg_certsdir/girocco_www_crt.dns"
+ rm -f "$cfg_certsdir/girocco_www_fullchain.pem"
 echo "Created www certificate"
 fi
 if ! [ -e "$cfg_certsdir/girocco_www_chain.pem" ]; then
 cat "$cfg_certsdir/girocco_root_crt.pem" >"$cfg_certsdir/girocco_www_chain.pem"
 echo "Created www certificate chain file"
 fi
+ if ! [ -e "$cfg_certsdir/girocco_www_fullchain.pem" ]; then
+ cat "$cfg_certsdir/girocco_www_crt.pem" >"$cfg_certsdir/girocco_www_fullchain.pem"
+ cat "$cfg_certsdir/girocco_www_chain.pem" >>"$cfg_certsdir/girocco_www_fullchain.pem"
+ echo "Created www certificate full chain file"
+ fi
 if ! [ -e "$cfg_certsdir/girocco_client_key.pem" ]; then
 umask 0037
 "$openssl" genrsa -f4 -out "$cfg_certsdir/girocco_client_key.pem" $bits
-- 2.11.4.GIT
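Review bot: The new full-chain block builds `girocco_www_fullchain.pem` with two separate `cat` redirections guarded only by `[ -e ... ]`, so if the first `cat` fails or the run is interrupted between the two, an empty or leaf-only file is left behind and every later run skips it as already created. Writing to a temporary name and renaming avoids that: `cat "$cfg_certsdir/girocco_www_crt.pem" "$cfg_certsdir/girocco_www_chain.pem" >"$cfg_certsdir/girocco_www_fullchain.pem.$$" &&` followed by `mv -f "$cfg_certsdir/girocco_www_fullchain.pem.$$" "$cfg_certsdir/girocco_www_fullchain.pem"`. The file is also only invalidated when the www or root certificate is regenerated by this script, so a `girocco_www_chain.pem` replaced by hand would presumably leave a stale full chain in place; a short comment above the block saying so would help. The enclosing `if [ -n "$cfg_httpspushurl" ]` block starts and ends outside the hunk.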