mirror of
https://github.com/laurivosandi/certidude
synced 2024-11-01 02:56:24 +00:00
Lauri Võsandi
ce93fbb58b
* Improved offline install docs * Migrated token mechanism backend to SQL * Preliminary token mechanism frontend integration * Add clock skew tolerance for OCSP * Add 'ldap computer filter' support for Kerberized machine enroll * Include OCSP and CRL URL-s in certificates, controlled by profile.conf * Better certificate extension handling * Place DH parameters file in /etc/ssl/dhparam.pem * Always talk to CA over port 8443 for 'certidude enroll' * Hardened frontend nginx config * Separate log files for frontend nginx * Better provisioning heuristics * Add sample site.sh config for LEDE image builder * Add more device profiles for LEDE image builder * Various bugfixes and improvements
28 lines
748 B
Bash
Executable File
28 lines
748 B
Bash
Executable File
#!/bin/sh
|
|
|
|
AUTHORITY=certidude.@authority[0]
|
|
URL=https://$(uci get $AUTHORITY.hostname):8443
|
|
DIR=/etc/certidude/authority/$(uci get $AUTHORITY.hostname)
|
|
AUTHORITY_PATH=$DIR/ca_cert.pem
|
|
CERTIFICATE_PATH=$DIR/host_cert.pem
|
|
REQUEST_PATH=$DIR/host_req.pem
|
|
KEY_PATH=$DIR/host_key.pem
|
|
|
|
# TODO: fix Accepted 202 here
|
|
|
|
curl -f -L \
|
|
-H "Content-Type: application/pkcs10" \
|
|
--data-binary @$REQUEST_PATH \
|
|
--cacert $AUTHORITY_PATH \
|
|
--key $KEY_PATH \
|
|
--cert $CERTIFICATE_PATH \
|
|
$URL/api/request/ -o $CERTIFICATE_PATH.part
|
|
|
|
if [ $? -eq 0 ]; then
|
|
logger -t certidude -s "Certificate renewal successful"
|
|
mv $CERTIFICATE_PATH.part $CERTIFICATE_PATH
|
|
ipsec reload
|
|
else
|
|
logger -t certidude -s "Failed to renew certificate"
|
|
fi
|