Last active
August 29, 2015 13:58
-
-
Save onelittleant/10344400 to your computer and use it in GitHub Desktop.
Generates new SSL private keys and CSR requests from existing certificates on a server (based on our local certificate file storage structure) in response to Heartbleed CVE-2014-0160. Avoids re-entry of SSL certificate organization information. Bundles new CSR files in a zip in the working directory.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
find /var/www/. -type f -iname "*.crt" -print0 | while IFS= read -r -d $'\0' crtpath; do | |
export DIR=${crtpath%/*} | |
export VHOST=${DIR%/*} | |
export FILE=`basename $crtpath` | |
FILE=${FILE/\.crt/\.csr} | |
export KEYFILE=${FILE/\.csr/\.key} | |
export DOMAIN=${FILE%\.csr} | |
if [ ! -d $DIR/newcerts ]; then | |
mkdir $DIR/newcerts | |
openssl genrsa -out $DIR/newcerts/$DOMAIN.key 2048 | |
openssl x509 -x509toreq -in $crtpath -out $DIR/newcerts/$FILE -key $DIR/newcerts/$DOMAIN.key | |
zip -g -j newcerts.zip $DIR/newcerts/$FILE | |
fi; | |
done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment