added preamble to CACert section and provision for skipping

This commit is contained in:
Asif Bacchus 2019-01-06 04:26:55 -07:00
parent 335be15355
commit a539c547da
2 changed files with 15 additions and 5 deletions

View File

@ -4,15 +4,15 @@
"fsPath": "$ROOTPATH$/setup.sh",
"bookmarks": [
-1,
30,
43,
31,
44,
677,
-1,
-1,
-1,
-1,
-1,
-1,
-1
354
]
}
]

View File

@ -27,6 +27,7 @@ unset CAChainPath
unset DHPath
unset phpVersion
unset phpType
unset noOSCP
# set variables
regexIP4="(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
@ -339,11 +340,20 @@ if [ "${useCertbot}" -eq 0 ]; then
done
# not using Certbot: get location of CA Certificate Chain
echo -e "\n${mag}Your full Certificate Authority certificate-chain (root and any/all"
echo "intermediate certificates bundled in one file) is required if you want NGINX"
echo "to provide OSCP stapling for your visitors. In most cases, you want this."
echo "If you don't have your CA chain, you can fill in the filename you'll be saving"
echo "it as in the future and confirm it when the scripts prompts you. In that"
echo -e "case, however, ${warn}NGINX will not work until that file actually exists.${mag}"
echo -e "\nIf you are using a self-signed certificate or do not want OSCP stapling, leave"
echo -e "this blank ${warn}(hit enter)${mag} and the relevant configuration section will be disabled.${norm}"
while true; do
read -p "What is the path to your primary SSL CA Chain certificate? " inputCAChainPath
case "${inputCAChainPath}" in
'')
echo -e "\n${err}You cannot have an empty path to your SSL CA Chain certificate${norm}"
noOSCP=1
break
;;
[Xx]*)
echo -e "\n${cyan}---exiting---\n${norm}"