Added instructions for automating certificate management on Ubuntu

2015-10-17 20:42:59 +03:00 · 2015-10-17 20:42:59 +03:00 · e6817b0c81
parent 0a92589f41
commit e6817b0c81
1 changed files with 30 additions and 0 deletions
--- a/README.rst
+++ b/README.rst
@ -313,3 +313,33 @@ Set permissions:
 .. code:: bash

    chmod 700 /etc/cron.hourly/update-certidude-user-whitelist
+
+
+Automating certificate setup
+----------------------------
+
+Ubuntu 14.04 based desktops come with NetworkManager installed.
+Create ``/etc/NetworkManager/dispatcher.d/certidude`` with following content:
+
+.. code:: bash
+
+    #!/bin/sh -e
+    # Set up certificates for IPSec connection
+
+    case "$2" in
+        up)
+            LANG=C.UTF-8 /usr/local/bin/certidude setup strongswan networkmanager http://ca.example.org/api/laptops/ gateway.example.org
+        ;;
+    esac
+
+Finally make it executable:
+
+.. code:: bash
+
+    chmod +x /etc/NetworkManager/dispatcher.d/certidude
+
+Whenever a wired or wireless connection is brought up,
+the dispatcher invokes ``certidude`` in order to generate RSA keys,
+submit CSR, fetch signed certificate,
+create NetworkManager configuration for the VPN connection and
+finally to bring up the VPN tunnel as well.