#!/bin/bash

# sslonapache.sh - by dual
#
# Configures https for Apache
#
# Usage: sh ./sslonapache.sh <password>
#######################################


# Make sure we're root
if [ $UID != '0' ]; then
	echo ">>> $0 must run as root... exiting"
	exit
fi


# Save some typing
DIR="/etc/httpd"


# Print header
echo
echo "-------------------------------------"
echo "sslonapache.sh -"
echo "Usage: sh ./sslonapache.sh <password>"
echo "-------------------------------------"
echo


# Make working directory
echo ">>> Creating working directory..."
mkdir -p $DIR/ssl.crt


# Make key and certificate
echo ">>> Creating server key and certificate..."
echo
openssl genrsa -des3 -passout pass:$1 -out $DIR/ssl.crt/server.key.org 1024
openssl req -new -passin pass:$1 -passout pass:$1 -key $DIR/ssl.crt/server.key.org \
	-out $DIR/ssl.crt/server.csr -days 3650
openssl req -x509 -passin pass:$1 -passout pass:$1 -key $DIR/ssl.crt/server.key.org \
	-in $DIR/ssl.crt/server.csr -out $DIR/ssl.crt/server.crt -days 3650
openssl rsa -passin pass:$1 -in $DIR/ssl.crt/server.key.org -out $DIR/ssl.crt/server.key


# Deploy key based on OS
echo
echo ">>> Deploying key..."
if   [[ -f /etc/fedora-release || -f /etc/redhat-release ]]; then
	cp $DIR/conf/ssl.crt/server.crt $DIR/conf/ssl.crt/server.crt.bak
	cp -f $DIR/ssl.crt/server.crt $DIR/conf/ssl.crt/server.crt
	cp $DIR/conf/ssl.key/server.key $DIR/conf/ssl.key/server.key.bak
	mv -f $DIR/ssl.crt/server.key $DIR/conf/ssl.key/server.key
	chmod 400 $DIR/conf/ssl.key/server.key
else
	mkdir -p $DIR/ssl.key
	mv -f $DIR/ssl.crt/server.key $DIR/ssl.key/server.key
	chmod 400 $DIR/ssl.key/server.key
fi


# Closing message
echo ">>> Done!"
echo ">>> Restart httpd now."
echo