ansible-role-easy-rsa/templates/renew-client-host-certifica...

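#!/bin/bash
#
# Renew the client certificate of one host in an easy-rsa PKI.
#
# Usage:  pass exactly one argument, the full hostname to renew.
#
# The script deletes the existing certificate, private key and request
# of that host and then runs "easyrsa build-client-full <host> nopass"
# from the PKI base directory.
#
# Exit status:
#   0   the new certificate was created
#   1   wrong usage, invalid hostname, leftover vars template, nothing
#       to renew, or the PKI base directory cannot be entered
#   N   any other non-zero value is the exit status of easyrsa

host_arg=
if [ $# -ne 1 ] ; then
    echo "You need to pass just one argument: the full hostname for wich the certificate renewal is required"
    exit 1
else
    host_arg="$1"
fi

# The argument is spliced into the paths given to "rm -f" below. A value
# containing "/" (for instance "../../x") would make those paths point
# outside the PKI directories; an empty value or one starting with "-"
# is never a usable certificate name. Reject all three before any file
# is touched.
case "$host_arg" in
    ''|-*|*/*)
        echo "Invalid hostname: it must not be empty, start with '-' or contain '/'."
        exit 1
        ;;
esac

# Rendered by Ansible. The quote filter shell-escapes the value, so a base
# directory containing spaces or shell metacharacters stays a single word.
easy_rsa_base_dir={{ easy_rsa_pki_basedir | quote }}
easy_rsa_issued_dir="${easy_rsa_base_dir}/pki/issued"
easy_rsa_keys_dir="${easy_rsa_base_dir}/pki/private"
easy_rsa_reqs_dir="${easy_rsa_base_dir}/pki/reqs"
easy_vars_file="${easy_rsa_base_dir}/vars"

# A leftover vars template is treated as a sign of an interrupted or
# inconsistent setup: stop and let the operator check it.
if [ -f "${easy_vars_file}.tmpl" ] ; then
    echo "There's a template file ${easy_vars_file}.tmpl present. Check that nothing wrong happened, then remove it before proceeding."
    exit 1
fi

# Only hosts that already have an issued certificate can be renewed.
#
# NOTE(review): deleting these files does not revoke the previous
# certificate. Unless it is revoked and the CRL is distributed elsewhere,
# it stays valid until it expires - confirm that this is intended.
# NOTE(review): the old material is removed before the new certificate
# exists, so a failed build leaves the host without a certificate.
if [ -f "${easy_rsa_issued_dir}/${host_arg}.crt" ] ; then
    rm -f -- "${easy_rsa_issued_dir}/${host_arg}.crt"
    rm -f -- "${easy_rsa_keys_dir}/${host_arg}.key"
    rm -f -- "${easy_rsa_reqs_dir}/${host_arg}.req"
else
    echo "No previous certificate exists. This is not a renewal, aborting."
    exit 1
fi

echo ""
echo "Starting the creation of the client host certificate."
echo ""

# Without this check a failed cd would run whatever ./easyrsa happens to
# exist in the caller's current directory.
cd "$easy_rsa_base_dir" || exit 1

# "nopass" writes the private key unencrypted: its confidentiality rests
# entirely on the permissions of the private key directory.
./easyrsa build-client-full "$host_arg" nopass
retval=$?

if [ "$retval" -eq 0 ] ; then
    echo ""
    echo "Done."
    echo "The certificate file is ${easy_rsa_issued_dir}/${host_arg}.crt"
    echo "The private key file is ${easy_rsa_keys_dir}/${host_arg}.key"
    echo ""
    echo "Remember that the key of the host certificates do not passphrase protected"
else
    echo ""
    echo "Something went wrong, the certificate creation failed"
    echo ""
fi

# Propagate the easyrsa status so that callers (Ansible tasks, cron jobs,
# wrapper scripts) can detect a failed renewal instead of always seeing 0.
exit "$retval"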