diff --git a/README.rst b/README.rst index 53d26ef..4bc0f0c 100644 --- a/README.rst +++ b/README.rst @@ -313,3 +313,33 @@ Set permissions: .. code:: bash chmod 700 /etc/cron.hourly/update-certidude-user-whitelist + + +Automating certificate setup +---------------------------- + +Ubuntu 14.04 based desktops come with NetworkManager installed. +Create ``/etc/NetworkManager/dispatcher.d/certidude`` with following content: + +.. code:: bash + + #!/bin/sh -e + # Set up certificates for IPSec connection + + case "$2" in + up) + LANG=C.UTF-8 /usr/local/bin/certidude setup strongswan networkmanager http://ca.example.org/api/laptops/ gateway.example.org + ;; + esac + +Finally make it executable: + +.. code:: bash + + chmod +x /etc/NetworkManager/dispatcher.d/certidude + +Whenever a wired or wireless connection is brought up, +the dispatcher invokes ``certidude`` in order to generate RSA keys, +submit CSR, fetch signed certificate, +create NetworkManager configuration for the VPN connection and +finally to bring up the VPN tunnel as well.
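
Review bot: the dispatcher script added under "Automating certificate setup" passes a plain `http://ca.example.org/api/laptops/` URL to `certidude setup`, and NetworkManager runs dispatcher scripts as root on every `up` event, so the README should either show an https URL or state how the client authenticates the CA before it trusts the signed certificate it fetches. The `chmod +x` step only adds the execute bit and leaves the rest of the mode as it was; NetworkManager expects dispatcher scripts to be owned by root and not writable by group or other, so documenting an explicit mode such as `chmod 755` (or `chmod 700`, as the cron example just above does) would be safer. The closing paragraph says keys are generated and a CSR is submitted whenever a connection comes up, but the `case "$2" in up)` branch has no guard for an already provisioned machine; please say whether a repeated run is a no-op, and what happens under `#!/bin/sh -e` when the CA is unreachable on the network that was just joined.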