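#!/bin/bash
#
# Start script: prepares TLS key material under /etc/ssl, packs the key and
# certificate into a PKCS#12 keystore, exports the SERVER_SSL_* settings that
# point at it, and finally replaces this shell with the Java process.
#
# Environment:
#   CERTNAME   base name of the key/certificate files (defaults to $HOSTNAME)
#   JAVA_OPTS  extra JVM options; the trust-store option is appended to it

KEYDIR=/etc/ssl
export KEYDIR

mkdir -p -- "$KEYDIR/certs" "$KEYDIR/private"
# Remove read/write for group and other on the private-key directory.
# Execute (traverse) bits are left as they were.
chmod og-rw -- "$KEYDIR/private"

# Fall back to the host name when CERTNAME is unset or empty.
CERTNAME="${CERTNAME:-$HOSTNAME}"

key_file="$KEYDIR/private/${CERTNAME}.key"
cert_file="$KEYDIR/certs/${CERTNAME}.crt"

# Without a provisioned key pair, fall back to a self-signed snakeoil
# certificate. Clients cannot validate it, so say so loudly on stderr instead
# of silently serving it.
if [[ ! -f "$key_file" || ! -f "$cert_file" ]]; then
  echo "start.sh: no key/certificate for '${CERTNAME}' in ${KEYDIR}; generating a self-signed snakeoil certificate" >&2
  make-ssl-cert generate-default-snakeoil --force-overwrite
  cp -- /etc/ssl/private/ssl-cert-snakeoil.key "$key_file"
  cp -- /etc/ssl/certs/ssl-cert-snakeoil.pem "$cert_file"
  # The copy was created by this script; keep it readable by the owner only.
  chmod 600 -- "$key_file"
fi

# Pick the first chain file that exists, in the same precedence order as before.
CHAIN=""
for candidate in \
  "$KEYDIR/certs/${CERTNAME}.chain" \
  "$KEYDIR/certs/${CERTNAME}-chain.crt" \
  "$KEYDIR/certs/${CERTNAME}.chain.crt"; do
  if [[ -f "$candidate" ]]; then
    CHAIN="$candidate"
    break
  fi
done

# An array keeps a chain path containing whitespace as a single argument.
# NOTE(review): per the openssl-pkcs12 manual, -chain is a flag without a
# value, so the chain file ends up as a trailing positional argument. Confirm
# whether "-certfile FILE" or "-chain -CAfile FILE" was intended; the original
# arguments are passed through unchanged here.
openssl_args=()
if [[ -n "$CHAIN" ]]; then
  openssl_args=(-chain "$CHAIN")
fi

# The keystore password is a fixed, publicly known placeholder, so it gives no
# confidentiality: the private key inside the keystore is protected by file
# permissions only. Write it into a fresh mktemp directory (mode 0700) under a
# restrictive umask instead of a predictable, default-permission path in /tmp.
keystore_dir=$(mktemp -d) || {
  echo "start.sh: cannot create a private directory for the keystore" >&2
  exit 1
}
keystore="$keystore_dir/${CERTNAME}.p12"

(
  umask 077
  openssl pkcs12 -export -password "pass:dummy" -name tls \
    -out "$keystore" \
    -inkey "$key_file" \
    -in "$cert_file" \
    "${openssl_args[@]}"
) || {
  # Starting the JVM without a keystore would only fail later and less clearly.
  echo "start.sh: building PKCS#12 keystore ${keystore} failed" >&2
  exit 1
}

export SERVER_SSL_KEY_STORE="$keystore"
export SERVER_SSL_KEY_STORE_PASSWORD=dummy
export SERVER_SSL_KEY_PASSWORD=dummy
export SERVER_SSL_KEY_STORE_TYPE=PKCS12
export SERVER_SSL_KEY_ALIAS=tls

# Seed the Java trust store from /etc/cacerts when the expected location is empty.
if [[ ! -f /etc/ssl/certs/java/cacerts && -f /etc/cacerts ]]; then
  mkdir -p /etc/ssl/certs/java
  cp -a /etc/cacerts /etc/ssl/certs/java/cacerts
fi

export JAVA_OPTS="${JAVA_OPTS:-} -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts"

# JAVA_OPTS is deliberately unquoted: it holds several space-separated JVM options.
# shellcheck disable=SC2086
exec java $JAVA_OPTS -jar /opt/signservice/signservice-integration-rest.jar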