script update IPReg faked certificates
--------------------------------------
[http@baghdadic scripts]$ cat ~/scripts/renew-all-fake-cert.bash
#!/bin/bash
# echo "cmd: $0 $1";
export FAKEHOME=/servers/web/ipreg/.netscape
export OPENSSL=/servers/web/openssl/bin/openssl
export OPENSSLCONF=/servers/web/openssl/openssl.cnf
export CERTUTIL=/servers/netscape/cms42/bin/cert/tools/certutil
export LDAPSEARCH=/servers/netscape/cms42/shared/bin/ldapsearch
export LD_LIBRARY_PATH=/servers/netscape/cms42/lib
cd $FAKEHOME
for i in `ls -1 | grep -v template | grep -v backup | grep -v Certificate-Authority`; do
if `$LDAPSEARCH -h directory.unimacq.edu.au -p 10389 -b "uid=$i, ou=People, o=The University of Macquarie, c=AU" "(objectclass=*)" >& /dev/null`
then
# echo $i
cp -r $i backup/
$OPENSSL req -text -in $FAKEHOME/$i/$i.req.pem
$OPENSSL ca -config $OPENSSLCONF -revoke $FAKEHOME/$i/$i.pem
$OPENSSL ca -config $OPENSSLCONF -in $FAKEHOME/$i/$i.req.pem -out $FAKEHOME/$i/$i.pem -passin file:$FAKEHOME/.passwd -batch
$OPENSSL x509 -inform PEM -outform DER -in $FAKEHOME/$i/$i.pem -out $FAKEHOME/$i/$i.crt
$CERTUTIL -D -d $FAKEHOME/$i -n "$i"
$CERTUTIL -A -d $FAKEHOME/$i -n "$i" -t "u,u,u" -i $FAKEHOME/$i/$i.crt -f $FAKEHOME/.passwd
$CERTUTIL -L -d $FAKEHOME/$i -n "$i"
echo `date '+%Y.%m.%d %a'` user [$i] faked certificate is updated >> backup/updated-users.txt
else
echo `date '+%Y.%m.%d %a'` user [$i] missed in LDAP Server >> backup/missed-users.txt
fi
done
|