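#!/bin/bash
# Bootstrap script for a Bitnami host: patch the OS, install the AWS CLI and
# the npm `json` tool, then request a TLS certificate for this host from an
# AWS ACM Private CA and place it in the Bitnami Apache conf directory.
#
# DNS_NAME_PLACEHOLDER and PCA_ARN_PLACEHOLDER are template placeholders that
# must be substituted before the script runs.

# Stop at the first failure so a failed issuance never ends in a reboot with
# missing or half-written certificate files.
set -euo pipefail

readonly CONF_DIR=/opt/bitnami/apache2/conf
readonly DNS_NAME='DNS_NAME_PLACEHOLDER'
readonly PCA_ARN='PCA_ARN_PLACEHOLDER'
readonly REGION=eu-west-1
# pip --user installs the CLI under the invoking user's home directory.
AWS_CLI=~/.local/bin/aws
readonly AWS_CLI

# Fetch available updates, upgrade current packages and install updates.
sudo apt-get update
sudo apt-get upgrade --assume-yes
sudo apt-get dist-upgrade --assume-yes

# Install pip, awscli, nodejs, npm and json.
# NOTE(review): awscli and json are installed unpinned from PyPI/npm, and json
# is installed globally as root; pin known-good versions if this script is
# used to build long-lived hosts.
sudo apt-get install --assume-yes python-pip
pip install awscli --upgrade --user
sudo apt-get install --assume-yes npm nodejs-legacy
sudo npm install -g json

# Generate the key pair and CSR in the web server's conf directory.
cd "$CONF_DIR" || { printf 'cannot cd to %s\n' "$CONF_DIR" >&2; exit 1; }

# Written through sudo tee: the openssl and certificate writes below already
# need root in this directory, so a plain redirect may not be permitted.
sudo tee ssl.conf >/dev/null <<EOF
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name

[ req_distinguished_name ]

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = ${DNS_NAME}
EOF

# -days is omitted: it only applies when openssl self-signs (-x509); the
# certificate lifetime is set by --validity at issuance below.
sudo openssl req -nodes -newkey rsa:2048 \
  -keyout server.key -out server.csr \
  -subj "/O=Example/CN=${DNS_NAME}" -config ssl.conf

# -nodes leaves the private key unencrypted on disk, so restrict it to root.
# NOTE(review): assumes the web server reads the key as root at start-up.
sudo chmod 600 server.key

certificate_arn=$(
  "$AWS_CLI" acm-pca issue-certificate \
    --certificate-authority-arn "$PCA_ARN" \
    --csr file://server.csr \
    --signing-algorithm "SHA256WITHRSA" \
    --validity Value=365,Type="DAYS" \
    --region "$REGION" \
    | json CertificateArn
)
if [[ -z "$certificate_arn" ]]; then
  printf 'issue-certificate returned no CertificateArn\n' >&2
  exit 1
fi

# Issuance is asynchronous; poll until the certificate is available instead
# of sleeping for a fixed time and hoping it is ready.
"$AWS_CLI" acm-pca wait certificate-issued \
  --certificate-authority-arn "$PCA_ARN" \
  --certificate-arn "$certificate_arn" \
  --region "$REGION"

full_certificate=$(
  "$AWS_CLI" acm-pca get-certificate \
    --certificate-authority-arn "$PCA_ARN" \
    --certificate-arn "$certificate_arn" \
    --region "$REGION"
)

# Quote the JSON so the shell neither word-splits nor glob-expands it.
printf '%s\n' "$full_certificate" | json Certificate | sudo tee server.crt >/dev/null
printf '%s\n' "$full_certificate" | json CertificateChain | sudo tee server-ca.crt >/dev/null

# Fail before the reboot if either certificate file came out empty.
[[ -s server.crt && -s server-ca.crt ]] || {
  printf 'certificate files are empty; not rebooting\n' >&2
  exit 1
}

# Restart the server to ensure certificates are picked up.
sudo shutdown -r now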