mirror of
https://github.com/laurivosandi/certidude
synced 2024-09-28 21:11:42 +00:00
Lauri Võsandi
4e4b551cc2
* Reverse RDN components for all certs * Less side effects in unittests * Split help dialog shell snippets into separate files * Restore 'admin subnets' config option * Embedded subnets, IKE and ESP proposals now configurable in builder.conf * Use expr instead of bc for math operations in shell * Better frontend support for Let's Encrypt certificates
15 lines
959 B
Bash
15 lines
959 B
Bash
echo {{ session.authority.certificate.md5sum }} /etc/certidude/authority/{{ authority_name }}/ca_cert.pem | md5sum -c \
|
|
|| rm -fv /etc/certidude/authority/{{ authority_name }}/*.pem
|
|
{% include "snippets/store-authority.sh" %}
|
|
test -e /etc/certidude/authority/{{ authority_name }}/host_key.pem \
|
|
|| {% if session.authority.certificate.algorithm == "ec" %}openssl ecparam -name secp384r1 -genkey -noout \
|
|
-out /etc/certidude/authority/{{ authority_name }}/host_key.pem{% else %}openssl genrsa \
|
|
-out /etc/certidude/authority/{{ authority_name }}/host_key.pem 2048{% endif %}
|
|
test -e /etc/certidude/authority/{{ authority_name }}/host_req.pem \
|
|
|| openssl req -new -sha384 -subj "/CN=$NAME" \
|
|
-key /etc/certidude/authority/{{ authority_name }}/host_key.pem \
|
|
-out /etc/certidude/authority/{{ authority_name }}/host_req.pem
|
|
echo "If CSR submission fails, you can copy paste it to Certidude:"
|
|
cat /etc/certidude/authority/{{ authority_name }}/host_req.pem
|
|
|