rrc2software Blog Projects

Renewing a self-signed certificate in Apache HTTP Server

First we set the parameters used to create the self-signed certificate:

DAYSINTERVAL=365
COUNTRY={2_chars_country_code}      # ES
STATE={state}                       # Andalucia
LOCALITY={city}                     # Sevilla
ORGANIZATION_NAME={company_name}    # rrc2software
ORGANIZATION_UNIT={company_section} # TI
COMMON_NAME=$(hostname --fqdn)      # www.rrc2software.com
EMAIL_ADDRESS={email}               # info@example.com

Next we detect the certificate currently installed in Apache HTTP Server:

# awk takes the second whitespace-separated field, so indented or tab-separated directives also work
CERTIFICATE_CRT_FILE=$(grep "^[[:space:]]*SSLCertificateFile[[:space:]]" /etc/httpd/conf.d/ssl.conf | awk '{print $2}')
CERTIFICATE_KEY_FILE=$(grep "^[[:space:]]*SSLCertificateKeyFile[[:space:]]" /etc/httpd/conf.d/ssl.conf | awk '{print $2}')

If both paths were detected, we generate a new self-signed certificate in place and reload Apache HTTP Server so that it picks it up:

if [ -n "$CERTIFICATE_CRT_FILE" ] && [ -n "$CERTIFICATE_KEY_FILE" ]; then
    # New key and self-signed certificate, written over the files Apache already uses
    openssl req -days "$DAYSINTERVAL" -x509 -nodes -newkey rsa:2048 \
        -keyout "$CERTIFICATE_KEY_FILE" -out "$CERTIFICATE_CRT_FILE" \
        -subj "/C=$COUNTRY/ST=$STATE/L=$LOCALITY/O=$ORGANIZATION_NAME/OU=$ORGANIZATION_UNIT/CN=$COMMON_NAME/emailAddress=$EMAIL_ADDRESS/" \
        -extensions san \
        -config <(echo '[req]'; echo 'distinguished_name=req'; echo '[san]'; echo "subjectAltName=DNS:$(hostname --fqdn)")

    # Generate DH parameters and append them to the certificate file
    openssl dhparam -out /etc/pki/tls/certs/dhparam.pem 2048
    cat /etc/pki/tls/certs/dhparam.pem | tee -a "$CERTIFICATE_CRT_FILE"

    # Restrict both files to their owner
    chmod 600 "$CERTIFICATE_CRT_FILE"
    chmod 600 "$CERTIFICATE_KEY_FILE"

    systemctl reload httpd
fi
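
Added example (not part of the original post): before overwriting the files, it helps to confirm that ssl.conf names exactly one certificate and one key, that the two match, and how close the certificate is to expiry. The function names and the 30-day threshold are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: decide whether the pair configured in ssl.conf needs renewing.
# Function names are illustrative; the default path is the one used above.
SSL_CONF=${SSL_CONF:-/etc/httpd/conf.d/ssl.conf}

# Print the value of a directive if it has exactly one active (uncommented)
# occurrence; fail otherwise. Tolerates indentation, tabs, mixed case and
# double quotes. Paths containing spaces are not supported.
ssl_directive() {  # usage: ssl_directive <conf-file> <DirectiveName>
    awk -v d="$2" '
        tolower($1) == tolower(d) { n++; v = $2; gsub(/"/, "", v) }
        END { if (n == 1) print v; exit (n == 1 ? 0 : 1) }' "$1"
}

# True if the certificate expires within <days> days. A file openssl cannot
# read also counts as expiring, so a broken certificate triggers renewal.
cert_expires_within() {  # usage: cert_expires_within <crt> <days>
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True if the certificate carries the public key of the given private key.
cert_matches_key() (  # usage: cert_matches_key <crt> <key>
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 1
    [ "$a" = "$b" ]
)

# Exit status 0: renew now. 1: nothing to do. 2: config is ambiguous.
check_renewal() (  # usage: check_renewal <conf-file> <days>
    crt=$(ssl_directive "$1" SSLCertificateFile) &&
    key=$(ssl_directive "$1" SSLCertificateKeyFile) ||
        { echo "need exactly one certificate and key directive in $1" >&2; exit 2; }
    cert_matches_key "$crt" "$key" || { echo "$crt does not match $key"; exit 0; }
    cert_expires_within "$crt" "$2" && { echo "$crt expires within $2 days"; exit 0; }
    echo "$crt is valid for more than $2 days"
    exit 1
)

# Run against the live configuration only where it exists.
if [ -r "$SSL_CONF" ]; then
    check_renewal "$SSL_CONF" 30
fi
```

Because an ambiguous configuration returns 2, guarding the renewal block with `check_renewal "$SSL_CONF" 30 &&` skips renewal instead of writing to a path that was parsed incorrectly.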

Last modified: Jun 3, 2020
