
Several updates #2

* Reverse RDN components for all certs
* Fewer side effects in unit tests
* Split help dialog shell snippets into separate files
* Restore 'admin subnets' config option
* Embedded subnets, IKE and ESP proposals now configurable in builder.conf
* Use expr instead of bc for math operations in shell
* Better frontend support for Let's Encrypt certificates
2018-05-02 08:11:01 +00:00
parent 5e9251f365
commit 4e4b551cc2
49 changed files with 959 additions and 1051 deletions


@@ -1,5 +1,8 @@
#!/bin/sh
set -e
set -x
AUTHORITY=certidude.@authority[0]
# TODO: iterate over all authorities
@@ -29,7 +32,6 @@ logger -t certidude -s "Time is now: $(date)"
if [ -f $CERTIFICATE_PATH ]; then
SERIAL=$(openssl x509 -in $CERTIFICATE_PATH -noout -serial | cut -d "=" -f 2 | tr [A-F] [a-f])
logger -t certidude -s "Certificate with serial $SERIAL already exists in $CERTIFICATE_PATH, attempting to bring up VPN tunnel..."
ipsec restart
exit 0
fi
@@ -39,16 +41,20 @@ fi
#########################################
if [ ! -f $KEY_PATH ]; then
logger -t certidude -s "Generating $KEY_TYPE key for VPN..."
case $KEY_TYPE in
rsa)
logger -t certidude -s "Generating $KEY_LENGTH-bit RSA key..."
openssl genrsa -out $KEY_PATH.part $KEY_LENGTH
openssl rsa -in $KEY_PATH.part -noout
;;
ec)
logger -t certidude -s "Generating $KEY_CURVE ECDSA key..."
openssl ecparam -name $KEY_CURVE -genkey -noout -out $KEY_PATH.part
;;
*)
logger -t certidude -s "Unsupported key type $KEY_TYPE"
exit 255
;;
esac
mv $KEY_PATH.part $KEY_PATH
fi
@@ -120,4 +126,5 @@ mv $CERTIFICATE_PATH.part $CERTIFICATE_PATH
# Start services
logger -t certidude -s "Starting IPSec IKEv2 daemon..."
ipsec restart
/etc/init.d/ipsec enable
/etc/init.d/ipsec restart
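Review bot: The VPN private key produced by `openssl genrsa -out $KEY_PATH.part $KEY_LENGTH` and by the new `openssl ecparam -name $KEY_CURVE -genkey -noout -out $KEY_PATH.part` branch in the `@@ -39,16 +41,20 @@` hunk is created under the caller's default umask, so with a typical 022 umask the key file is world-readable from the moment it is written until something later tightens it; add `umask 077` before `case $KEY_TYPE in` (or `chmod 600 "$KEY_PATH.part"` before the `mv`) so the key never exists with loose permissions. The RSA branch sanity-checks its output with `openssl rsa -in $KEY_PATH.part -noout`, but the EC branch has no equivalent, so a truncated or corrupt `.part` would still be promoted to `$KEY_PATH`; mirroring it with `openssl ec -in "$KEY_PATH.part" -noout` before `;;` keeps the two branches consistent. `$KEY_PATH`, `$KEY_TYPE`, `$KEY_CURVE` and `$CERTIFICATE_PATH` are expanded unquoted throughout these hunks; quoting them costs nothing and ShellCheck flags each one. Separately, the `set -x` added in the first hunk traces every command line to the script's stderr, which is harmless for the key-generation commands shown here but is worth confirming against any later step that passes a token or password as an argument, since the rest of the script (including the enrollment between the hunks) is outside this page.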