
When combining .key files with certs, set umask to 077 to protect key

pull/289/head
Timothe Litt 8 years ago
parent
commit
1c7c027648
1 changed files with 8 additions and 0 deletions
  1. +8
    -0
      getssl

+ 8
- 0
getssl

@ -1736,11 +1736,15 @@ if [[ "${CHECK_REMOTE}" == "true" ]] && [[ $_FORCE_RENEW -eq 0 ]]; then
copy_file_to_location "full pem" \
"$TEMP_DIR/${DOMAIN}_chain.pem" \
"$DOMAIN_CHAIN_LOCATION"
umask 077
cat "$DOMAIN_DIR/${DOMAIN}.key" "$CERT_FILE" > "$TEMP_DIR/${DOMAIN}_K_C.pem"
umask "$ORIG_UMASK"
copy_file_to_location "private key and domain cert pem" \
"$TEMP_DIR/${DOMAIN}_K_C.pem" \
"$DOMAIN_KEY_CERT_LOCATION"
umask 077
cat "$DOMAIN_DIR/${DOMAIN}.key" "$CERT_FILE" "$CA_CERT" > "$TEMP_DIR/${DOMAIN}.pem"
umask "$ORIG_UMASK"
copy_file_to_location "full pem" \
"$TEMP_DIR/${DOMAIN}.pem" \
"$DOMAIN_PEM_LOCATION"
@ -2154,12 +2158,14 @@ if [[ ! -z "$DOMAIN_KEY_CERT_LOCATION" ]]; then
else
to_location="${DOMAIN_KEY_CERT_LOCATION}"
fi
umask 077
cat "$DOMAIN_DIR/${DOMAIN}.key" "$CERT_FILE" > "$TEMP_DIR/${DOMAIN}_K_C.pem"
copy_file_to_location "private key and domain cert pem" "$TEMP_DIR/${DOMAIN}_K_C.pem" "$to_location"
if [[ "$DUAL_RSA_ECDSA" == "true" ]]; then
cat "$DOMAIN_DIR/${DOMAIN}.ec.key" "${CERT_FILE::-4}.ec.crt" > "$TEMP_DIR/${DOMAIN}_K_C.pem.ec"
copy_file_to_location "private ec key and domain cert pem" "$TEMP_DIR/${DOMAIN}_K_C.pem.ec" "${to_location}.ec"
fi
umask "$ORIG_UMASK"
fi
# if DOMAIN_PEM_LOCATION is not blank, then create and copy file.
if [[ ! -z "$DOMAIN_PEM_LOCATION" ]]; then
@ -2168,12 +2174,14 @@ if [[ ! -z "$DOMAIN_PEM_LOCATION" ]]; then
else
to_location="${DOMAIN_PEM_LOCATION}"
fi
umask 077
cat "$DOMAIN_DIR/${DOMAIN}.key" "$CERT_FILE" "$CA_CERT" > "$TEMP_DIR/${DOMAIN}.pem"
copy_file_to_location "full key, cert and chain pem" "$TEMP_DIR/${DOMAIN}.pem" "$to_location"
if [[ "$DUAL_RSA_ECDSA" == "true" ]]; then
cat "$DOMAIN_DIR/${DOMAIN}.ec.key" "${CERT_FILE::-4}.ec.crt" "${CA_CERT::-4}.ec.crt" > "$TEMP_DIR/${DOMAIN}.pem.ec"
copy_file_to_location "full ec key, cert and chain pem" "$TEMP_DIR/${DOMAIN}.pem.ec" "${to_location}.ec"
fi
umask "$ORIG_UMASK"
fi
# end of copying certs.
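Review bot: `umask 077` only takes effect when the `cat ... >` redirect creates the file; if `$TEMP_DIR/${DOMAIN}_K_C.pem` or `$TEMP_DIR/${DOMAIN}.pem` already exists with a wider mode (for example, left over from an earlier run), the redirect truncates it and keeps that mode, so the combined key file can remain readable by others. This applies to all three hunks, including the `.ec` variants; an explicit `chmod 600 "$TEMP_DIR/${DOMAIN}_K_C.pem"` after each `cat`, or `rm -f -- "$TEMP_DIR/${DOMAIN}_K_C.pem"` before it, would make the result independent of prior state. The first hunk also restores `$ORIG_UMASK` before calling `copy_file_to_location`, while the two later hunks keep 077 across the copy. Because `copy_file_to_location` and the assignment of `ORIG_UMASK` are outside the visible hunks, it is worth confirming there that the destination files end up owner-only in the first case too, and that `ORIG_UMASK` is always set before these lines run. The enclosing `if` blocks start outside the hunks.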

