SSLConfiguratorForLinux.sh

#!/bin/sh

WORKING_DIRECTORY=$(pwd)
SCREENCONNECT_DIRECTORY=${scdir:-/opt/screenconnect}
HTTPLISTENER_DIRECTORY="$SCREENCONNECT_DIRECTORY/App_Runtime/etc/.mono/httplistener"
SCREENCONNECT_KEY="ScreenConnectPrivateKey.key"
SCREENCONNECT_CSR="ScreenConnectCertSignRequest.csr"
SCREENCONNECT_CERT="ScreenConnectCertificate.cer"


LOG_FILE="SSL_Configurator.log"
printf "\n\n" >> "$LOG_FILE"
date >> "$LOG_FILE"

{

set -e

while true; do

    echo Welcome to the ScreenConnect SSL Configurator for Linux.
    echo
    echo What do you want to do?
    echo "1. Change working directory where certificate files are stored."
    echo "   (currently: $WORKING_DIRECTORY )"
    echo
    echo "2. Change directory where ScreenConnect is currently installed."
    echo "   (currently: $SCREENCONNECT_DIRECTORY )"
    echo
    echo "3. Create a private key and generate a certificate signing request (CSR) to send to your certificate authority (CA)."
    echo
    echo "4. Convert and rename your certificate and private key."
    echo
    echo "5. Install your certificate and private key."
    echo
    echo "6. Edit the web.config file."
    echo
    echo "7. Exit."
    echo
    printf "? "
    read COMMAND

    case "$COMMAND" in
       1)
         echo "Current working directory: $WORKING_DIRECTORY"
         echo "Enter new working directory:"
         printf "?"
         read WORKING_DIRECTORY
         if [ ! -d "$WORKING_DIRECTORY" ];
            then
               echo "Directory $WORKING_DIRECTORY not found."
               break;
            fi
         echo "Changed working directory to $WORKING_DIRECTORY."
         echo
         sleep 2
         ;;
       2)
         echo "Current ScreenConnect installation directory: $SCREENCONNECT_DIRECTORY"
         echo "Enter new ScreenConnect directory."
         printf '? '
         read SCREENCONNECT_DIRECTORY
         if [ ! -d "$SCREENCONNECT_DIRECTORY" ];
            then
               echo "Directory $SCREENCONNECT_DIRECTORY not found."
               break;
            fi
         echo "Changed ScreenConnect directory to $SCREENCONNECT_DIRECTORY."
         echo
         sleep 2
         ;;
       3)
        echo "Creating a new private key and CSR"
        echo
        openssl genrsa -out "$WORKING_DIRECTORY"/"$SCREENCONNECT_KEY" 2048 2>&1 tee "$LOG_FILE"
        echo

        echo "Now generating $SCREENCONNECT_CSR..."
        openssl req -new -key "$WORKING_DIRECTORY"/"$SCREENCONNECT_KEY" -sha256 -out "$WORKING_DIRECTORY"/"$SCREENCONNECT_CSR"
        if [ -f "$WORKING_DIRECTORY/$SCREENCONNECT_CSR" ];
           then
              echo "Created $WORKING_DIRECTORY/$SCREENCONNECT_KEY and $WORKING_DIRECTORY/$SCREENCONNECT_CSR"
              echo "Send $SCREENCONNECT_CSR to your certificate authority. When you receive your server certificate, name it $SCREENCONNECT_CERT and put it in your working directory ($WORKING_DIRECTORY)."
              echo
              sleep 2
           else
              printf "\nThere was a problem creating $WORKING_DIRECTORY/$SCREENCONNECT_CSR\n"
           fi
         ;;
       4)
         echo "Searching for $SCREENCONNECT_CERT..."
         if [ -f "$WORKING_DIRECTORY/$SCREENCONNECT_CERT" ];
            then
               echo "Making sure your certificate and private key match..."

               KEY_HASH="$( openssl rsa -noout -modulus -in "$WORKING_DIRECTORY/$SCREENCONNECT_KEY" | openssl md5 )"
               CERT_HASH="$( openssl x509 -noout -modulus -in "$WORKING_DIRECTORY/$SCREENCONNECT_CERT" | openssl md5 )"

               if [ "$KEY_HASH" != "$CERT_HASH" ];
                  then
                    echo "Your certificate does not match your private key."
                    break
                  fi
               echo "Converting $SCREENCONNECT_KEY to PVK file..."
               openssl rsa -in "$WORKING_DIRECTORY"/"$SCREENCONNECT_KEY" -inform PEM -outform PVK -pvk-none -out "$WORKING_DIRECTORY/443.pvk"

               if [ ! -f "$WORKING_DIRECTORY/443.pvk" ];
                  then
                     echo "Could not create $WORKING_DIRECTORY/443.pvk"
                     break
                  fi


               echo "Copying and renaming $SCREENCONNECT_CERT to 443.cer..."
               cp "$WORKING_DIRECTORY/$SCREENCONNECT_CERT" "$WORKING_DIRECTORY/443.cer"

               echo "Done. Returning to menu."
               sleep 2
               echo

            else
               echo "Could not find $WORKING_DIRECTORY/$SCREENCONNECT_CERT. Remember to rename your server certificate to $SCREENCONNECT_CERT."

            fi

         ;;

       5)
          echo "Moving 443.cer and 443.pvk to $SCREENCONNECT_DIRECTORY/httplistener..."
          mkdir -p "$HTTPLISTENER_DIRECTORY"
          mv -t "$HTTPLISTENER_DIRECTORY" "$WORKING_DIRECTORY"/"443.cer" "$WORKING_DIRECTORY"/"443.pvk"
          echo "Done."
          echo
          sleep 2
          ;;

       6)
         echo "Creating a backup of the web.config file..."
         cp "$SCREENCONNECT_DIRECTORY/web.config" "$WORKING_DIRECTORY/web.config.$(date +%s).backup"
         echo "Setting WebServerListenUri to https://+:443/..."
         sed -i -r 's|(WebServerListenUri.*value=)"[^"]*"|\1"https://+:443/"|' "$SCREENCONNECT_DIRECTORY/web.config"
         echo "Completed."
         echo "Restart the screenconnect services with one of the following commands:"
         echo "sudo service screenconnect restart"
         echo "OR"
         echo "sudo /etc/init.d/screenconnect stop"
         echo "sudo /etc/init.d/screenconnect start"
         echo
         sleep 2
         ;;
       7)
         break
         ;;
       "")
         ;;
       *)
         echo 'Invalid input'
         exit 1
          ;;
    esac

done
}  2>&1 | tee -a "$LOG_FILE"