Jan 1, 2021
Renew a self-signed certificate in Apache HTTP Server
We set the parameters used to create the self-signed certificate:
DAYSINTERVAL=365
COUNTRY={2_chars_country_code} # ES
STATE={state} # Andalucia
LOCALITY={city} # Sevilla
ORGANIZATION_NAME={company_name} # rrc2software
ORGANIZATION_UNIT={company_section} # TI
COMMON_NAME=$(hostname --fqdn) # www.rrc2software.com
EMAIL_ADDRESS={email} # info@example.com
We detect the certificate currently installed in Apache HTTP Server:
# awk splits on any whitespace, so indented or tab-separated directives are handled; only the first match is used
CERTIFICATE_CRT_FILE=$(awk '$1 == "SSLCertificateFile" { print $2; exit }' /etc/httpd/conf.d/ssl.conf)
CERTIFICATE_KEY_FILE=$(awk '$1 == "SSLCertificateKeyFile" { print $2; exit }' /etc/httpd/conf.d/ssl.conf)
If both paths were detected correctly, we generate a new self-signed certificate and configure it in Apache HTTP Server:
if [ -n "$CERTIFICATE_CRT_FILE" ] && [ -n "$CERTIFICATE_KEY_FILE" ]; then
    # Generate a new key and self-signed certificate over the existing files (bash is required for the <(...) process substitution)
    openssl req -days "$DAYSINTERVAL" -x509 -nodes -newkey rsa:2048 -keyout "$CERTIFICATE_KEY_FILE" -out "$CERTIFICATE_CRT_FILE" -subj "/C=$COUNTRY/ST=$STATE/L=$LOCALITY/O=$ORGANIZATION_NAME/OU=$ORGANIZATION_UNIT/CN=$COMMON_NAME/emailAddress=$EMAIL_ADDRESS/" -extensions san -config <(echo '[req]'; echo 'distinguished_name=req'; echo '[san]'; echo "subjectAltName=DNS:$(hostname --fqdn)")
    # Generate DH parameters and append them to the certificate file
    openssl dhparam -out /etc/pki/tls/certs/dhparam.pem 2048
    cat /etc/pki/tls/certs/dhparam.pem >> "$CERTIFICATE_CRT_FILE"
    # Restrict both files to their owner
    chmod 600 "$CERTIFICATE_CRT_FILE"
    chmod 600 "$CERTIFICATE_KEY_FILE"
    # Make Apache pick up the new certificate
    systemctl reload httpd
fi
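The renewal above overwrites the live key and certificate, so it helps to verify the result: that the key matches the certificate, that the validity period is what was requested, that the host name is in subjectAltName, and that the key is owner-only. The following is an added example, not part of the original post; the function names, the return codes and the host www.example.test are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): sanity checks to run after renewal.
# Function names and the sample host www.example.test are constructed.

# Create a throwaway self-signed certificate with a SAN, as the renewal step does.
make_sample_cert() {
    local dir="$1" host="$2" days="$3"
    printf '[req]\ndistinguished_name=req\n[san]\nsubjectAltName=DNS:%s\n' "$host" \
        > "$dir/req.cnf"
    ( umask 077   # key and certificate are created owner-only
      openssl req -x509 -nodes -newkey rsa:2048 -days "$days" -subj "/CN=$host" \
          -keyout "$dir/test.key" -out "$dir/test.crt" \
          -extensions san -config "$dir/req.cnf" 2>/dev/null )
}

# check_renewed_cert CRT KEY HOST MIN_DAYS
# Returns 0 if every check passes, otherwise prints the reason and returns 1-5.
check_renewed_cert() {
    local crt="$1" key="$2" host="$3" min_days="$4" crt_pub key_pub
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) &&
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot read certificate or key"; return 1; }
    # The key must belong to the certificate: both yield the same public key.
    [ "$crt_pub" = "$key_pub" ] || { echo "key does not match certificate"; return 2; }
    # The certificate must stay valid for at least MIN_DAYS more days.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "certificate expires within $min_days days"; return 3; }
    # The host must appear as an exact DNS entry in subjectAltName.
    openssl x509 -in "$crt" -noout -text | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -Fxq "DNS:$host" ||
        { echo "subjectAltName lacks DNS:$host"; return 4; }
    # The private key must not be readable by group or others.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "key file permissions are too open"; return 5; }
}

# Demo on constructed data.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" www.example.test 365 &&
    check_renewed_cert "$demo_dir/test.crt" "$demo_dir/test.key" www.example.test 30 &&
    echo "all checks passed"
rm -rf "$demo_dir"
```

On the real server the call would be `check_renewed_cert "$CERTIFICATE_CRT_FILE" "$CERTIFICATE_KEY_FILE" "$COMMON_NAME" 30`; the DH parameters appended to the certificate file do not interfere, because `openssl x509` reads only the certificate block.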
Last modified: Jun 3, 2020