#!/bin/sh
#
# Author: Rune Nordbe Skillingstad <rune@skillingtad.no>
# Date: 2003-02-12
#
# Create a TLS certificate for slapd. To change default settings,
# edit /etc/ldap/ssl/slapd-cert.cnf
#
# $Id: mkslapdcert 34400 2007-06-09 08:26:00Z pere $


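opensslbin=/usr/bin/openssl

certconf=/etc/ldap/ssl/slapd-cert.cnf
privkey=/etc/ldap/ssl/slapd.pem
pubkey=/var/www/ldap-server-pubkey.pem

# Print a diagnostic on stderr and abort.  Every failure below is fatal:
# continuing past a missing config or a failed openssl run used to leave a
# partial or empty key file behind and still exit 0.
die() {
    echo "error: $*" >&2
    exit 1
}

# The original "(echo ...; exit 1)" exited a subshell only, so a missing
# openssl binary did not stop the script.
test -x "$opensslbin" || die "can't find openssl at $opensslbin."

# Likewise, a missing config file was reported but not treated as fatal.
[ -f "$certconf" ] || die "missing certificate configuration file $certconf."

[ -d /etc/ldap/ssl ] || die "missing directory /etc/ldap/ssl."
chmod 750 /etc/ldap/ssl || die "can't set permissions on /etc/ldap/ssl."

# Never overwrite an existing key: regenerating it would silently invalidate
# the certificate every client has already copied.
if [ -f "$privkey" ] ; then
    die "private key $privkey already exist.  Exiting."
fi

# Create the key file with a restrictive mode from the start rather than
# relying on the chmod afterwards; under the default umask the key would be
# world-readable between creation and the chmod.
umask 077

# -x509: self-signed certificate; -nodes: unencrypted key so slapd can start
# without a passphrase.  Key and certificate are written to the same file.
# stdout is silenced but openssl's stderr is left visible for diagnosis.
"$opensslbin" req -new -x509 -nodes \
      -config "$certconf" -out "$privkey" -keyout "$privkey" >/dev/null \
  || { rm -f "$privkey"; die "problems running openssl (key/certificate generation)."; }

# Make sure the private key is only readable by root.
chmod 600 "$privkey" || die "can't set permissions on $privkey."

# Extract the public key for distribution.  Use the same openssl binary that
# was checked above instead of whatever "openssl" is first on PATH.
# NOTE(review): "-pubkey -noout" emits the bare public key, not the
# certificate.  Clients that verify the server with TLS_CACERT need the
# certificate itself; confirm what the PAM clients actually consume.
umask 022
"$opensslbin" x509 -inform pem -in "$privkey" -pubkey -noout > "$pubkey" \
  || { rm -f "$pubkey"; die "problems running openssl (public key extraction)."; }

# And make the public key readable by all.  This is stored in a directory
# available for download using HTTP, to allow it to be copied to
# all LDAP PAM clients.
chmod 644 "$pubkey" || die "can't set permissions on $pubkey."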
