Untitled

#!/bin/bash

# Fetch available updates, upgrade current packages and install updates
sudo apt-get update
sudo apt-get upgrade --assume-yes
sudo apt-get dist-upgrade --assume-yes

# Install pip, awscli, nodejs, npm and json
sudo apt install python-pip --assume-yes
pip install awscli --upgrade --user
sudo apt install --assume-yes npm nodejs-legacy
sudo npm install -g json


# Generate the TLS Certificate and drop it in the right place for Tomcat.
cd /opt/bitnami/apache2/conf
printf "[req]\nreq_extensions = v3_req\ndistinguished_name = req_distinguished_name\n\n[ req_distinguished_name ]\n\n[v3_req]\nsubjectAltName = @alt_names\n\n[alt_names]\nDNS.1 = DNS_NAME_PLACEHOLDER\n" > ssl.conf
sudo openssl req -nodes -newkey rsa:2048 -days 365 -keyout server.key -out server.csr -subj "/O=Example/CN=DNS_NAME_PLACEHOLDER" -config ssl.conf

certificateArn=$(~/.local/bin/aws acm-pca issue-certificate --certificate-authority-arn PCA_ARN_PLACEHOLDER --csr file://server.csr --signing-algorithm "SHA256WITHRSA" --validity Value=365,Type="DAYS" --region eu-west-1 | json CertificateArn)

# Sometimes it may take a few seconds before the certificat becomes available.
sleep 10

fullCertificate=$(~/.local/bin/aws acm-pca get-certificate --certificate-authority-arn PCA_ARN_PLACEHOLDER --certificate-arn $certificateArn --region eu-west-1)
echo $fullCertificate | json Certificate | sudo tee server.crt
echo $fullCertificate | json CertificateChain | sudo tee  server-ca.crt

# Restart the server to ensure certificates are picked up.
sudo shutdown -r now