#!/bin/bash
#############################################################
# Script name: renew-cert.sh
# Author: Gilles Mouchet (gilles.mouchet@gmail.com)
# Version: 1.0.0
# Description: Renews certificates that are about to expire by
#              re-signing their CSR with the CA given on the command line
# License: GNU GPL v3
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Changelog
# [1.0.0] - 2026-04-05
# Added:
# - resign cert
# Project initialization:
# - initialization by gilles.mouchet@gmail.com
#
############################################################
# Script version, reported by -v/--version (keep in sync with the header)
version="1.0.0"
############################################################
# FUNCTIONS
############################################################
#-----------------------------------------------------------
# Display usage
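# Prints the command-line help to stdout.
# The option list mirrors the parser in main(): -c/--ca-name selects the
# CA (basename of the .crt/.key pair) and -d/--expire-date renews every
# certificate expiring within the given number of days. The previous
# text described options (-n/--cn, "Delete") that this script never
# parsed and omitted the ones it does.
# Globals:   reads $0 for the script name
# Arguments: none
# Outputs:   help text on stdout
usage() {
  cat << EOF
Usage: ./$(basename "$0") -c <ca-name> -d <days>

Renews (re-signs with the CA) every certificate that expires within
the given number of days. Each renewal re-signs the existing CSR
<commonName>.csr and overwrites <commonName>.crt.

Options:
  -c, --ca-name <name>
        Basename of the CA certificate and key to sign with
        (<name>.crt / <name>.key in the configured CA directories).
        Must be given BEFORE -d/--expire-date.
  -d, --expire-date <days>
        Renew the certificates that expire in less than <days> days
        (whole number, 1 <= days <= configured validity). Requires -c.
        To find a certificate's commonName, use the script ./info-cert.sh -h
  -h, --help
        Show this help
  -v, --version
        Show script version

Examples:
  Show this help
    ./$(basename "$0") -h

  Renew, with CA "myca", every certificate expiring within 30 days
    ./$(basename "$0") -c myca -d 30

EOF
}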
############################################################
# MAIN
############################################################

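#-----------------------------------------------------------
# Re-sign one certificate with the currently selected CA.
#
# Arguments: $1 - commonName of the certificate; the CSR is read from
#                 ${CERTS_PATH}/<cn>.csr, the extensions from
#                 ${CERTS_PATH}/<cn>_openssl.cnf, and ${CERTS_PATH}/<cn>.crt
#                 is overwritten
# Globals:   reads CERTS_PATH, CRT_CA_PATH, CA_CRT, KEY_CA_PATH, CA_KEY,
#            DAYS, KEY_CA_PASS, ORANGE, NC (set by the sourced
#            lib/stdlib.sh init_* helpers or by main's option parsing)
# Outputs:   progress and result line; openssl's stderr only on failure
# Returns:   openssl's exit status (1 when the CN is refused)
_renew_cert() {
  local cn=$1
  local err rc

  # The CN becomes a path component under CERTS_PATH; refuse anything
  # that could point outside it (an empty CN would also yield ".csr"/".crt").
  if [[ -z "$cn" || "$cn" == */* ]]; then
    msg_error "Skipping certificate with unsafe commonName: '$cn'"
    return 1
  fi

  echo -e "Signing the certificate with the CA..."
  # The CA passphrase is handed to openssl through the environment
  # (-passin env:), scoped to this one command, instead of on the command
  # line where any local user could read it via ps or /proc/<pid>/cmdline.
  # stderr is captured so the reason for a failure can be shown.
  err=$(KEY_CA_PASS="$KEY_CA_PASS" openssl x509 -req \
    -in "${CERTS_PATH}/${cn}.csr" \
    -CA "$CRT_CA_PATH/$CA_CRT" \
    -CAkey "$KEY_CA_PATH/$CA_KEY" \
    -CAcreateserial \
    -out "${CERTS_PATH}/${cn}.crt" \
    -days "$DAYS" \
    -extensions req_ext \
    -extfile "$CERTS_PATH/${cn}_openssl.cnf" \
    -passin env:KEY_CA_PASS 2>&1 >/dev/null)
  rc=$?
  echo -n -e "Result of signing the ${ORANGE}$cn${NC} certificate: "
  check_rc "$rc"
  if [[ $rc -ne 0 && -n "$err" ]]; then
    msg_error "$err"
  fi
  echo -e ""
  return "$rc"
}

#-----------------------------------------------------------
# Entry point: parse the options and renew the expiring certificates.
#
# Options are handled in command-line order: the CA files are resolved
# and checked when -d/--expire-date is processed, so -c/--ca-name must
# come first (unless lib/stdlib.sh provides a default CA_CRT/CA_KEY).
# Globals:   writes SCRIPT_DIR, ROOT_DIR, CA_CRT, CA_KEY; reads DAYS,
#            CRT_CA_PATH, KEY_CA_PATH, version and the expireDate array
#            filled by expired_date; all helpers come from lib/stdlib.sh
# Arguments: command-line options (see usage)
# Returns:   exits 1 on usage errors, a missing library or missing CA files
main(){
  SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
  ROOT_DIR="$(dirname "$SCRIPT_DIR")"

  # read library -- every helper below (init_*, set_color, check_*, msg_*,
  # expired_date) lives there, so stop here instead of running on without it
  if ! source "$ROOT_DIR/lib/stdlib.sh"; then
    echo "Error: cannot read $ROOT_DIR/lib/stdlib.sh" >&2
    exit 1
  fi

  # init config
  init_default
  init_env
  init_cred

  # set color
  set_color

  # check if script is run with sudo
  check_sudo

  # check if param exist
  if [ -z "$1" ]; then
    usage
    exit 1
  fi

  # read cli parameters
  while [[ "$#" -gt 0 ]]; do
    case "$1" in
      -c|--ca-name)
        if [[ -z "$2" || "$2" == -* ]]; then
          msg_error "\nError: Argument missing for option -c or --ca-name.\n"
          usage
          exit 1
        fi
        # The name is joined onto CRT_CA_PATH / KEY_CA_PATH; a path
        # separator would let it reach a key outside those directories.
        if [[ "$2" == */* ]]; then
          msg_error "\nError: -c/--ca-name expects a CA name, not a path: '$2'\n"
          exit 1
        fi
        CA_CRT=$2.crt
        CA_KEY=$2.key
        shift 2
        ;;
      -d|--expire-date)
        if [[ -z "$2" || "$2" == -* ]]; then
          msg_error "\nError: Argument missing for option -d or --expire-date. See ./$(basename "$0") --help\n"
          exit 1
        fi
        # Only a whole number of days within the configured validity is
        # accepted; anything else used to be ignored silently.
        if ! { [[ "$2" =~ ^[0-9]+$ ]] && [ "$2" -ge 1 ] && [ "$2" -le "$DAYS" ]; }; then
          msg_error "\nError: -d/--expire-date must be a number between 1 and $DAYS, got '$2'.\n"
          exit 1
        fi
        # Without a CA the file check below could only fail on an empty
        # name; say why instead.
        if [[ -z "$CA_CRT" || -z "$CA_KEY" ]]; then
          msg_error "\nError: -d/--expire-date requires -c/--ca-name to be given first.\n"
          exit 1
        fi
        if [[ ! -f "$CRT_CA_PATH/$CA_CRT" || ! -f "$KEY_CA_PATH/$CA_KEY" ]]; then
          msg_error "One or both of the following files are missing:"
          msg_warn " - $CRT_CA_PATH/$CA_CRT"
          msg_warn " - $KEY_CA_PATH/$CA_KEY"
          exit 1
        fi

        # expired_date fills the expireDate array with one '|'-separated
        # record per certificate expiring within $2 days; field 2 appears
        # to be the commonName (the other fields are not used here).
        expired_date "$2"
        if [ "${#expireDate[@]}" == "0" ]; then
          msg_warn "There are no certificates that expire in less than $2 days."
        fi
        for certData in "${expireDate[@]}"; do
          # printf keeps the record verbatim (an unquoted echo would
          # collapse whitespace and expand globs inside the CN)
          _renew_cert "$(printf '%s\n' "$certData" | cut -d'|' -f2)"
        done
        shift 2
        ;;
      -v|--version)
        cat << EOF
$(basename "$0") $version Copyright (C) 2003 - $(date +%Y) Gilles Mouchet
EOF
        exit
        ;;
      -h|--help)
        usage
        exit
        ;;
      *)
        # unknown option: report it and fail, rather than the silent
        # exit 0 of a catch-all help
        msg_error "\nError: Unknown option '$1'.\n"
        usage
        exit 1
        ;;
    esac
  done
}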
# Run the script with all command-line arguments passed through intact.
main "$@"