Skip to content

Instantly share code, notes, and snippets.

@echr
Forked from fabiomontefuscolo/update-openfire.sh
Created March 13, 2019 01:06
Show Gist options
  • Save echr/1d657381c43a3526e8de5bd4840eef47 to your computer and use it in GitHub Desktop.
Save echr/1d657381c43a3526e8de5bd4840eef47 to your computer and use it in GitHub Desktop.
Update openfire keystore with Letsencrypt stuff
#!/bin/bash
#
# @author https://github.com/guusdk
#
# Checks for a known location where Let's Encrypt keys/certificates will be spontaneously exist.
# When files are detected, they're used to generate a new keystore, which is then used
# to replace the Openfire keystore.
set -e
PRIVKEY=/etc/letsencrypt/live/ourdomain/privkey.pem
CHAIN=/etc/letsencrypt/live/ourdomain/fullchain.pem
OPENFIRESTORE=/opt/openfire/resources/security/keystore
PASSWORD=changeit
# No changes needed below.
PKCS12ARCHIVE=/tmp/keystore.p12
TMPKEYSTORE=/tmp/keystore
if [[ -f $PRIVKEY && -f $CHAIN ]]
then
# Remove leftovers from last iteration.
if [[ -f $PKCS12ARCHIVE ]]
then
rm $PKCS12ARCHIVE
fi
if [[ -f $TMPKEYSTORE ]]
then
rm $TMPKEYSTORE
fi
# Import Let's Encrypt data in PKCS12 archive.
openssl pkcs12 \
-export \
-out $PKCS12ARCHIVE \
-inkey $PRIVKEY \
-in $CHAIN \
-password pass:$PASSWORD
# Remove Let's Encrypt source data to prevent another execution.
rm $PRIVKEY && rm $CHAIN
# Create new Java keystore based on PKCS12 archive.
keytool -importkeystore \
-destkeystore $TMPKEYSTORE \
-deststorepass $PASSWORD \
-srcstoretype PKCS12 \
-srcstorepass $PASSWORD \
-srckeystore $PKCS12ARCHIVE
# Set owner for new file
chown daemon:daemon $TMPKEYSTORE
# Backup old Openfire keystore.
cp $OPENFIRESTORE $OPENFIRESTORE-backup-$(date +%s)
# Move new store in place.
mv $TMPKEYSTORE $OPENFIRESTORE
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment