Enabled certificate publishing from command-line

Instead of defining environment variables for push server URL-s the URL-s are now fetched from openssl.cnf instead.
2025-09-08 22:41:04 +00:00 · 2015-10-26 21:50:10 +01:00
parent 42916a7ccc
commit 3012d843a9
8 changed files with 29 additions and 28 deletions
--- a/README.rst
+++ b/README.rst
@@ -154,8 +154,6 @@ Otherwise manually configure ``uwsgi`` application in ``/etc/uwsgi/apps-availabl
    chmod-socket = 660
    chown-socket = certidude:www-data
    buffer-size = 32768
-    env = PUSH_PUBLISH=http://localhost/event/publish/%(channel)s
-    env = PUSH_SUBSCRIBE=http://localhost/event/subscribe/%(channel)s
    env = LANG=C.UTF-8
    env = LC_ALL=C.UTF-8
    env = KRB5_KTNAME=/etc/certidude.keytab
@@ -232,6 +230,11 @@ Also adjust ``/etc/nginx/nginx.conf``:
        include /etc/nginx/sites-enabled/*;
    }

+In your CA ssl.cnf make sure Certidude is aware of your nginx setup:
+
+    publish_certificate_url = http://push.example.com/event/publish/%(request_sha1sum)s
+    subscribe_certificate_url = http://push.example.com/event/subscribe/%(request_sha1sum)s
+
 Restart the services:

 .. code:: bash