Le gros avantage de cette solution : pas de config spécifique sur Jeedom et un seul certificat pour tout.
Il est inspiré du script permettant de faire les backups de pfSense.
Voici le script :
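#!/bin/sh
#
# Export a certificate and its private key from the pfSense web GUI
# (system_certmanager.php) and install them in CERT_DIR for Apache.
#
# Flow: fetch the login page to get a CSRF token, log in, download the
# certificate (act=exp) and the key (act=key), validate both, then swap
# them in and restart Apache.
#
# Security notes for whoever deploys this:
#  - This file holds a pfSense administrator password in clear text:
#    keep it readable by its owner only (chmod 700). If your pfSense
#    setup allows it, use a dedicated account restricted to the
#    Certificate Manager page instead of "admin".
#  - CERT_DIR below is under /var/www/html. NOTE(review): if that is the
#    served document root, the private key could be fetched over HTTP;
#    deny access to this directory in the web server or move CERT_DIR
#    outside the document root (and adapt the SSLCertificate* paths).
#  - Unless PFSENSE_CA_CERT is set, the TLS certificate presented by
#    pfSense is NOT verified, so the password and the exported key can
#    be intercepted by anyone able to sit between the two hosts.
#
VERSION="2017.10.07_wget"
# Directory of this script (kept from the original; not used below).
RUNDIR="$( cd "$( dirname "$0" )" && pwd )"
#
##############################
######### VARIABLES #########
#
# IP address or host name of pfSense (with scheme)
PFSENSE_HOST="https://192.168.X.Y"
# ID of the certificate in pfSense (System > Certificate Manager > Certificates)
PFSENSE_ID=5
# login - password
# NOTE: both values are sent as-is in the form body; characters such as
# & % + = in the password must be URL-encoded here by hand.
PFSENSE_USER=admin
PFSENSE_PASS=XXxxXXxXX
# Optional: PEM file of the CA (or self-signed certificate) used by the
# pfSense GUI. When set, wget verifies the server; when empty, the
# original behaviour (--no-check-certificate) is kept.
PFSENSE_CA_CERT=""
#
# Where the certificate and the key are saved
CERT_DIR="/var/www/html/plugins/script/core/ressources"
######## END VARIABLES ########
###############################

CERT_URL="$PFSENSE_HOST/system_certmanager.php"
CRT_NAME="Certificat.crt"
KEY_NAME="Certificat.key"

WORK_DIR=""
CRT_TMP=""
KEY_TMP=""

# Print a message and stop. Messages go to stdout, as in the original,
# so a caller that captures the output still sees them.
die() {
  echo "$*"
  exit 1
}

# Remove every temporary file (cookies, CSRF tokens, form data and
# not-yet-installed downloads) on any exit path.
cleanup() {
  if [ -n "$WORK_DIR" ]; then rm -rf -- "$WORK_DIR"; fi
  if [ -n "$CRT_TMP" ]; then rm -f -- "$CRT_TMP"; fi
  if [ -n "$KEY_TMP" ]; then rm -f -- "$KEY_TMP"; fi
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

# wget wrapper that applies the proxy and TLS options to every request.
pf_wget() {
  if [ -n "$PFSENSE_CA_CERT" ]; then
    wget --proxy=off --ca-certificate="$PFSENSE_CA_CERT" "$@"
  else
    # Server certificate is not verified (see header notes).
    wget --proxy=off --no-check-certificate "$@"
  fi
}

# Read an HTML page on stdin and print the first __csrf_magic value.
extract_csrf() {
  grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' | head -n 1
}

# Download one PEM object from the certificate manager and validate it.
#   $1 - pfSense action (exp = certificate, key = private key)
#   $2 - temporary file receiving the download
#   $3 - fixed string that must appear in a valid download
#   $4 - label used in error messages (CRT or KEY)
fetch_pem() {
  # Form data goes through a private file so it never appears in argv.
  printf '__csrf_magic=%s' "$(head -n 1 "$CSRF2_TOKEN")" > "$POST_DATA"
  pf_wget -q --keep-session-cookies --load-cookies "$COOKIE_FILE" \
    --post-file "$POST_DATA" -O "$2" \
    "$CERT_URL?act=$1&id=$PFSENSE_ID" || die "ERROR: SAVING $4 FILE"

  # The login form comes back instead of the file when credentials are wrong.
  if grep -qi 'username or password' "$2"; then
    echo ; echo " !!! AUTHENTICATION ERROR (${PFSENSE_HOST}): PLEASE CHECK LOGIN AND PASSWORD"; echo
    exit 1
  fi

  # The download contains a doctype when the URL is wrong.
  if grep -qi 'doctype html' "$2"; then
    echo ; echo " !!! URL ERROR (${PFSENSE_HOST}): HTTP OR HTTPS ?"; echo
    exit 1
  fi

  # Never install something that is not the expected PEM object.
  grep -qF -e "$3" "$2" || die "ERROR: $4 FILE IS NOT A VALID PEM FILE"
}

# Move a validated download into place, keeping the previous file as .old.
#   $1 - temporary file, $2 - final file name inside CERT_DIR
install_pem() {
  if [ -f "$CERT_DIR/$2" ]; then
    mv -f "$CERT_DIR/$2" "$CERT_DIR/$2.old" || die "Backup NOK !!! ERROR !!!"
  fi
  if mv -f "$1" "$CERT_DIR/$2"; then
    echo "Backup OK : $CERT_DIR/$2"
  else
    die "Backup NOK !!! ERROR !!!"
  fi
}

wget -V >/dev/null 2>&1 || { echo "ERROR : wget MUST be installed to run this script."; exit 1; }

echo "*1*"

# The target directory must exist before any temporary file is created in it.
mkdir -p "$CERT_DIR" || die "ERROR: CANNOT CREATE $CERT_DIR"

# Cookies, tokens and form data live in a private 0700 directory outside
# CERT_DIR, so session material is never written under the web tree.
WORK_DIR="$(mktemp -d)" || die "ERROR: CANNOT CREATE TEMPORARY DIRECTORY"
COOKIE_FILE="$WORK_DIR/cookies"
CSRF1_TOKEN="$WORK_DIR/csrf1"
CSRF2_TOKEN="$WORK_DIR/csrf2"
POST_DATA="$WORK_DIR/post"

# Downloads are staged inside CERT_DIR so the final mv stays on the same
# filesystem; mktemp creates them readable by the owner only.
CRT_TMP="$(mktemp "$CERT_DIR/config-tmp-xml.XXXXXXXX")" || die "ERROR: CANNOT CREATE TEMPORARY FILE"
KEY_TMP="$(mktemp "$CERT_DIR/config-tmp-xml.XXXXXXXX")" || die "ERROR: CANNOT CREATE TEMPORARY FILE"

# The RRD/PKG/PWD options of the pfSense backup script this one derives
# from were never used here and have been dropped (the original also
# unset the shell's own PWD variable).

# fetch login page: session cookie + first CSRF token
pf_wget -qO- --keep-session-cookies --save-cookies "$COOKIE_FILE" \
  "$CERT_URL" | extract_csrf > "$CSRF1_TOKEN"
# A pipeline's status is that of its last stage, so test the result itself.
[ -s "$CSRF1_TOKEN" ] || die "ERROR: FETCH"

# submit the login: second CSRF token, bound to the authenticated session
printf 'login=Login&usernamefld=%s&passwordfld=%s&__csrf_magic=%s' \
  "$PFSENSE_USER" "$PFSENSE_PASS" "$(cat "$CSRF1_TOKEN")" > "$POST_DATA"
pf_wget -qO- --keep-session-cookies --load-cookies "$COOKIE_FILE" \
  --save-cookies "$COOKIE_FILE" --post-file "$POST_DATA" \
  "$CERT_URL?act=exp&id=$PFSENSE_ID" | extract_csrf > "$CSRF2_TOKEN"
# Overwrite the form data right away: it contains the password.
: > "$POST_DATA"
[ -s "$CSRF2_TOKEN" ] || die "ERROR: SUBMIT THE LOGIN"

# Download and validate BOTH files before touching the installed pair,
# so Apache is never left with a certificate that does not match its key.
fetch_pem exp "$CRT_TMP" "-----BEGIN CERTIFICATE-----" CRT
fetch_pem key "$KEY_TMP" "PRIVATE KEY-----" KEY

install_pem "$CRT_TMP" "$CRT_NAME"
install_pem "$KEY_TMP" "$KEY_NAME"

# Reached only when both files were installed.
sudo service apache2 restart || die "ERROR: APACHE RESTART FAILED"
echo
exit 0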
# Open the Apache SSL virtual host configuration to point it at the exported files.
nano /etc/apache2/sites-enabled/default-ssl.conf
# Certificate and private key written by the export script.
# NOTE(review): both paths are under /var/www/html, presumably the served
# document root - confirm the .key file cannot be fetched over HTTP (deny
# access to this directory, or move both files outside the document root).
SSLCertificateFile /var/www/html/plugins/script/core/ressources/Certificat.crt
SSLCertificateKeyFile /var/www/html/plugins/script/core/ressources/Certificat.key