Also use persistent keys for Apache SSL

author: Henrik Lund Kramshoej <hlk@kramse.org> 2017-07-11 10:25:56 +0200
committer: Henrik Lund Kramshoej <hlk@kramse.org> 2017-07-11 10:25:56 +0200
commit: 563acb020e50ef6101083f14f7245f0cfd1b82ef (patch)
tree: a9f2749001c39f334866fc67a93bac4323749965
parent: 8a0093d179926808400ebd025431331b3df77c81 (diff)
1 files changed, 8 insertions, 3 deletions
diff --git a/apache-sp/entrypoint.sh b/apache-sp/entrypoint.sh
index c61f369..156b5ac 100644
--- a/apache-sp/entrypoint.sh
+++ b/apache-sp/entrypoint.sh
@@ -17,10 +17,15 @@ if [ ! -f "$KEYDIR/private/shibsp.key" -o ! -f "$KEYDIR/certs/shibsp.crt" ]; the
    cp $METADATADIR/apache-sp/sp-cert.pem "$KEYDIR/certs/shibsp.crt"
 fi
 
-if [ ! -f "$KEYDIR/private/${SP_HOSTNAME}.key" -o ! -f "$KEYDIR/certs/${SP_HOSTNAME}.crt" ]; then
+if [ ! -f "$METADATADIR/apache-sp/${SP_HOSTNAME}.key" -o ! -f "$METADATADIR/apache-sp/${SP_HOSTNAME}.crt" ]; then
    make-ssl-cert generate-default-snakeoil --force-overwrite
-   cp /etc/ssl/private/ssl-cert-snakeoil.key "$KEYDIR/private/${SP_HOSTNAME}.key"
-   cp /etc/ssl/certs/ssl-cert-snakeoil.pem "$KEYDIR/certs/${SP_HOSTNAME}.crt"
+   cp /etc/ssl/private/ssl-cert-snakeoil.key "$METADATADIR/apache-sp/${SP_HOSTNAME}.key"
+   cp /etc/ssl/certs/ssl-cert-snakeoil.pem "$METADATADIR/apache-sp/${SP_HOSTNAME}.crt"
+fi
+
+if [ ! -f "$KEYDIR/private/${SP_HOSTNAME}.key" -o ! -f "$KEYDIR/certs/${SP_HOSTNAME}.crt" ]; then
+   cp $METADATADIR/apache-sp/${SP_HOSTNAME}.key "$KEYDIR/private/${SP_HOSTNAME}.key"
+   cp $METADATADIR/apache-sp/${SP_HOSTNAME}.crt "$KEYDIR/certs/${SP_HOSTNAME}.crt"
 fi
 
 # Fetch metadata
author	Henrik Lund Kramshoej <hlk@kramse.org>	2017-07-11 10:25:56 +0200
committer	Henrik Lund Kramshoej <hlk@kramse.org>	2017-07-11 10:25:56 +0200
commit	563acb020e50ef6101083f14f7245f0cfd1b82ef (patch)
tree	a9f2749001c39f334866fc67a93bac4323749965
parent	8a0093d179926808400ebd025431331b3df77c81 (diff)