POSTIN

/bin/sh

# http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
# http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html
# http://directory.fedora.redhat.com/wiki/Mod_nss

# the following stuff is partly taken from the migrate.pl script and is not the slightest fool proof in any way...

# TODO: figure out how to make this accept a ASCII password file for rpm install automation, currently it 
# prompts for a password which is not so nice.

# Create an NSS database. You just need to specify the database directory, not a specific file. 
# This will create the 3 files that make up your database: cert8.db, key3.db and secmod.db.
if ! [ -f /etc/pki/nss/apache-mod_nss/cert8.db -o -f /etc/pki/nss/apache-mod_nss/key3.db -o -f /etc/pki/nss/apache-mod_nss/secmod.db ]; then
    echo "Creating NSS certificate database."
    certutil -N -d /etc/pki/nss/apache-mod_nss
fi

# Convert the OpenSSL key and certificate into a PKCS#12 file
if [ -f /etc/ssl/apache/server.crt -o -f /etc/ssl/apache/server.key ]; then
    subject=`openssl x509 -subject < /etc/ssl/apache/server.crt | head -1 | perl -pi -e 's/subject= \///;s/\//,/g;s/Email=.*(,){0,1}//;s/,$//;g'`
    echo "Importing certificate $subject as \"Server-Cert\"."
    openssl pkcs12 -export -in /etc/ssl/apache/server.crt -inkey /etc/ssl/apache/server.key \
    -out /etc/pki/nss/apache-mod_nss/server.p12 -name "Server-Cert" -passout pass:foo
    # Load the PKCS #12 file into your NSS database. 
    pk12util -i /etc/pki/nss/apache-mod_nss/server.p12 -d /etc/pki/nss/apache-mod_nss -W foo
else
    /usr/sbin/nss_gencert /etc/pki/nss/apache-mod_nss
fi

if [ -f /var/lock/subsys/httpd ]; then
    /etc/rc.d/init.d/httpd restart 1>&2;
fi

POSTUN

/bin/sh

if [ "$1" = "0" ]; then
    if [ -f /var/lock/subsys/httpd ]; then
        /etc/rc.d/init.d/httpd restart 1>&2
    fi
fi