Backport some fixes.
parent
2b61560c77
commit
498405318d
|
@ -0,0 +1,36 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#set -e
|
||||||
|
|
||||||
|
PUB_CERTS_DIR="/srv/CA/pki/issued"
|
||||||
|
|
||||||
|
# 1 day in seconds 86400
|
||||||
|
# 7 days in seconds: 604800
|
||||||
|
# 30 days in seconds: 2592000
|
||||||
|
DAYS="2592000"
|
||||||
|
RETVAL=
|
||||||
|
|
||||||
|
# Email settings
|
||||||
|
_sub=" will expire within $DAYS seconds (30 days):"
|
||||||
|
_from="isti-ca-noreply@isti.cnr.it"
|
||||||
|
_to="s2i2s@isti.cnr.it"
|
||||||
|
_openssl="/usr/bin/openssl"
|
||||||
|
|
||||||
|
for cert in "$PUB_CERTS_DIR/"*.crt ; do
|
||||||
|
#echo -n "$cert: "
|
||||||
|
#$_openssl x509 -enddate -noout -in "$cert" -checkend "$DAYS" | grep -q 'notAfter'
|
||||||
|
expiry_date=$( $_openssl x509 -enddate -noout -in "$cert" -checkend "$DAYS" )
|
||||||
|
RETVAL=$?
|
||||||
|
#echo "RETVAL: $RETVAL"
|
||||||
|
|
||||||
|
# Send email
|
||||||
|
if [ $RETVAL -ne 0 ] ; then
|
||||||
|
echo "$cert ${_sub} $expiry_date"
|
||||||
|
# mail -s "$cert $_sub" -r "$_from" "$_to" <<< "Warning: The TLS/SSL certificate ($cert) will expire soon on $HOSTNAME [$(date)]: $expiry_date"
|
||||||
|
# # See https://www.cyberciti.biz/mobile-devices/android/how-to-push-send-message-to-ios-and-android-from-linux-cli/ #
|
||||||
|
# source ~/bin/cli_app.sh
|
||||||
|
# push_to_mobile "$0" "$_sub. See $_to email for detailed log. -- $HOSTNAME " >/dev/null
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
exit 0
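Review bot: An openssl failure is reported the same way as an expiring certificate, because the non-zero status of `-checkend` is the only signal the loop tests. An unreadable or malformed file, or the literal `*.crt` pattern when the directory has no match, would land in the same branch, presumably with an empty `$expiry_date`. I would skip non-files with `[ -f "$cert" ] || continue` and print a distinct message when `$expiry_date` is empty. The `mail` call is commented out and the script always ends with `exit 0`, so the warning only reaches someone if whatever runs the script forwards its stdout; a header comment stating that assumption would help. `_sub` also hard-codes "(30 days)" next to `$DAYS`, which will drift if the threshold is changed.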
|
|
@ -1,5 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
_retval=
|
||||||
|
|
||||||
host_arg=
|
host_arg=
|
||||||
if [ $# -ne 1 ] ; then
|
if [ $# -ne 1 ] ; then
|
||||||
echo "You need to pass just one argument: the full hostname for wich the certificate is required"
|
echo "You need to pass just one argument: the full hostname for wich the certificate is required"
|
||||||
|
@ -11,24 +13,43 @@ fi
|
||||||
easy_rsa_base_dir={{ easy_rsa_pki_basedir }}
|
easy_rsa_base_dir={{ easy_rsa_pki_basedir }}
|
||||||
easy_rsa_issued_dir="${easy_rsa_base_dir}/pki/issued"
|
easy_rsa_issued_dir="${easy_rsa_base_dir}/pki/issued"
|
||||||
easy_rsa_keys_dir="${easy_rsa_base_dir}/pki/private"
|
easy_rsa_keys_dir="${easy_rsa_base_dir}/pki/private"
|
||||||
|
easy_rsa_reqs_dir="${easy_rsa_base_dir}/pki/reqs"
|
||||||
easy_vars_file="${easy_rsa_base_dir}/vars"
|
easy_vars_file="${easy_rsa_base_dir}/vars"
|
||||||
if [ -f "${easy_vars_file}.tmpl" ] ; then
|
if [ -f "${easy_vars_file}.tmpl" ] ; then
|
||||||
echo "There's a template file ${easy_vars_file}.tmpl present. Check that nothing wrong happened, then remove it before proceeding."
|
echo "There's a template file ${easy_vars_file}.tmpl present. Check that nothing wrong happened, then remove it before proceeding."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "${easy_rsa_issued_dir}/${host_arg}.crt" ] ; then
|
||||||
|
echo ""
|
||||||
|
echo "A certificate already exists"
|
||||||
|
echo "If you want to renew it, then remove the following files and run che command again:"
|
||||||
|
echo "${easy_rsa_issued_dir}/${host_arg}.crt"
|
||||||
|
echo "${easy_rsa_keys_dir}/${host_arg}.key"
|
||||||
|
echo "${easy_rsa_reqs_dir}/${host_arg}.req"
|
||||||
|
echo ""
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "Starting the creation of a client host certificate."
|
echo "Starting the creation of a client host certificate."
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
cd "$easy_rsa_base_dir"
|
cd "$easy_rsa_base_dir"
|
||||||
./easyrsa build-client-full "$host_arg" nopass
|
./easyrsa build-client-full "$host_arg" nopass
|
||||||
|
retval=$?
|
||||||
|
|
||||||
echo ""
|
if [ $retval -eq 0 ] ; then
|
||||||
echo "Done."
|
echo ""
|
||||||
echo "The certificate file is ${easy_rsa_issued_dir}/${host_arg}.crt"
|
echo "Done."
|
||||||
echo "The private key file is ${easy_rsa_keys_dir}/${host_arg}.key"
|
echo "The certificate file is ${easy_rsa_issued_dir}/${host_arg}.crt"
|
||||||
echo ""
|
echo "The private key file is ${easy_rsa_keys_dir}/${host_arg}.key"
|
||||||
echo "Remember that the key of the host certificates do not passphrase protected"
|
echo ""
|
||||||
|
echo "Remember that the key of the host certificates do not passphrase protected"
|
||||||
|
else
|
||||||
|
echo ""
|
||||||
|
echo "Something went wrong, the certificate creation failed"
|
||||||
|
echo ""
|
||||||
|
fi
|
||||||
|
|
||||||
exit 0
|
exit 0
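Review bot: The script still ends with `exit 0` after the new `else` branch prints "Something went wrong", so a failed `./easyrsa build-client-full` is invisible to any caller or automation that checks the exit status; ending with `exit $retval` would propagate it. The same pattern appears in the two script sections that follow in this commit (the `name_arg` one and the `build-server-full` one). The first hunk also adds `_retval=` while the later code assigns and tests `retval`, so the initialised variable is never used; pick one name.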
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
_retval=
|
||||||
|
|
||||||
name_arg=
|
name_arg=
|
||||||
email_arg=
|
email_arg=
|
||||||
if [ $# -ne 2 ] ; then
|
if [ $# -ne 2 ] ; then
|
||||||
|
@ -13,12 +15,24 @@ fi
|
||||||
easy_rsa_base_dir={{ easy_rsa_pki_basedir }}
|
easy_rsa_base_dir={{ easy_rsa_pki_basedir }}
|
||||||
easy_rsa_issued_dir="${easy_rsa_base_dir}/pki/issued"
|
easy_rsa_issued_dir="${easy_rsa_base_dir}/pki/issued"
|
||||||
easy_rsa_keys_dir="${easy_rsa_base_dir}/pki/private"
|
easy_rsa_keys_dir="${easy_rsa_base_dir}/pki/private"
|
||||||
|
easy_rsa_reqs_dir="${easy_rsa_base_dir}/pki/reqs"
|
||||||
easy_vars_file="${easy_rsa_base_dir}/vars"
|
easy_vars_file="${easy_rsa_base_dir}/vars"
|
||||||
if [ -f "${easy_vars_file}.tmpl" ] ; then
|
if [ -f "${easy_vars_file}.tmpl" ] ; then
|
||||||
echo "There's a template file ${easy_vars_file}.tmpl present. Check that nothing wrong happened, then remove it before proceeding."
|
echo "There's a template file ${easy_vars_file}.tmpl present. Check that nothing wrong happened, then remove it before proceeding."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "${easy_rsa_issued_dir}/${name_arg}.crt" ] ; then
|
||||||
|
echo ""
|
||||||
|
echo "A certificate already exists"
|
||||||
|
echo "If you want to renew it, then remove the following files and run che command again:"
|
||||||
|
echo "${easy_rsa_issued_dir}/${name_arg}.crt"
|
||||||
|
echo "${easy_rsa_keys_dir}/${name_arg}.key"
|
||||||
|
echo "${easy_rsa_reqs_dir}/${name_arg}.req"
|
||||||
|
echo ""
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "Starting the creation of a client host certificate."
|
echo "Starting the creation of a client host certificate."
|
||||||
echo "Remember that you need to supply a passphrase for the private key."
|
echo "Remember that you need to supply a passphrase for the private key."
|
||||||
|
@ -32,10 +46,18 @@ sed -i -e "s/{{ easy_rsa_req_email }}/$email_arg/g" "$easy_vars_file"
|
||||||
./easyrsa build-client-full "$name_arg"
|
./easyrsa build-client-full "$name_arg"
|
||||||
mv -f "${easy_vars_file}.tmpl" "$easy_vars_file"
|
mv -f "${easy_vars_file}.tmpl" "$easy_vars_file"
|
||||||
|
|
||||||
echo ""
|
retval=$?
|
||||||
echo "Done."
|
|
||||||
echo "The certificate file is ${easy_rsa_issued_dir}/${name_arg}.crt"
|
if [ $retval -eq 0 ] ; then
|
||||||
echo "The private key file is ${easy_rsa_keys_dir}/${name_arg}.key"
|
echo ""
|
||||||
echo ""
|
echo "Done."
|
||||||
|
echo "The certificate file is ${easy_rsa_issued_dir}/${name_arg}.crt"
|
||||||
|
echo "The private key file is ${easy_rsa_keys_dir}/${name_arg}.key"
|
||||||
|
echo ""
|
||||||
|
else
|
||||||
|
echo ""
|
||||||
|
echo "Something went wrong, the certificate creation failed"
|
||||||
|
echo ""
|
||||||
|
fi
|
||||||
|
|
||||||
exit 0
|
exit 0
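Review bot: `retval=$?` is placed after `mv -f "${easy_vars_file}.tmpl" "$easy_vars_file"`, so as rendered it records the status of the `mv`, not of `./easyrsa build-client-full "$name_arg"`. A failed issuance followed by a successful restore of the vars file would print "Done." and point the operator at certificate and key files that may not exist. Capture the status first: `./easyrsa build-client-full "$name_arg"`, then `retval=$?`, then the `mv -f` line, which must still run on both paths so the template is always restored. The lines between the two hunks are not shown, so this is based on the visible order only.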
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
_retval=
|
||||||
|
|
||||||
host_arg=
|
host_arg=
|
||||||
if [ $# -ne 1 ] ; then
|
if [ $# -ne 1 ] ; then
|
||||||
echo "You need to pass just one argument: the full hostname for wich the certificate is required"
|
echo "You need to pass just one argument: the full hostname for wich the certificate is required"
|
||||||
|
@ -11,24 +13,43 @@ fi
|
||||||
easy_rsa_base_dir={{ easy_rsa_pki_basedir }}
|
easy_rsa_base_dir={{ easy_rsa_pki_basedir }}
|
||||||
easy_rsa_issued_dir="${easy_rsa_base_dir}/pki/issued"
|
easy_rsa_issued_dir="${easy_rsa_base_dir}/pki/issued"
|
||||||
easy_rsa_keys_dir="${easy_rsa_base_dir}/pki/private"
|
easy_rsa_keys_dir="${easy_rsa_base_dir}/pki/private"
|
||||||
|
easy_rsa_reqs_dir="${easy_rsa_base_dir}/pki/reqs"
|
||||||
easy_vars_file="${easy_rsa_base_dir}/vars"
|
easy_vars_file="${easy_rsa_base_dir}/vars"
|
||||||
if [ -f "${easy_vars_file}.tmpl" ] ; then
|
if [ -f "${easy_vars_file}.tmpl" ] ; then
|
||||||
echo "There's a template file ${easy_vars_file}.tmpl present. Check that nothing wrong happened, then remove it before proceeding."
|
echo "There's a template file ${easy_vars_file}.tmpl present. Check that nothing wrong happened, then remove it before proceeding."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "${easy_rsa_issued_dir}/${host_arg}.crt" ] ; then
|
||||||
|
echo ""
|
||||||
|
echo "A certificate already exists"
|
||||||
|
echo "If you want to renew it, then remove the following files and run che command again:"
|
||||||
|
echo "${easy_rsa_issued_dir}/${host_arg}.crt"
|
||||||
|
echo "${easy_rsa_keys_dir}/${host_arg}.key"
|
||||||
|
echo "${easy_rsa_reqs_dir}/${host_arg}.req"
|
||||||
|
echo ""
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "Starting the creation of a server host certificate."
|
echo "Starting the creation of a server host certificate."
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
cd "$easy_rsa_base_dir"
|
cd "$easy_rsa_base_dir"
|
||||||
./easyrsa build-server-full "$host_arg" nopass
|
./easyrsa build-server-full "$host_arg" nopass
|
||||||
|
retval=$?
|
||||||
|
|
||||||
echo ""
|
if [ $retval -eq 0 ] ; then
|
||||||
echo "Done."
|
echo ""
|
||||||
echo "The certificate file is ${easy_rsa_issued_dir}/${host_arg}.crt"
|
echo "Done."
|
||||||
echo "The private key file is ${easy_rsa_keys_dir}/${host_arg}.key"
|
echo "The certificate file is ${easy_rsa_issued_dir}/${host_arg}.crt"
|
||||||
echo ""
|
echo "The private key file is ${easy_rsa_keys_dir}/${host_arg}.key"
|
||||||
echo "Remember that the key of the host certificates do not passphrase protected"
|
echo ""
|
||||||
|
echo "Remember that the key of the host certificates do not passphrase protected"
|
||||||
|
else
|
||||||
|
echo ""
|
||||||
|
echo "Something went wrong, the certificate creation failed"
|
||||||
|
echo ""
|
||||||
|
fi
|
||||||
|
|
||||||
exit 0
|
exit 0
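Review bot: The new "A certificate already exists" message tells the operator to renew by deleting the `.crt`, `.key` and `.req` files, but deleting files revokes nothing. The previous certificate stays valid until its notAfter date, and in this script its key was generated with `nopass`. When the old key is being replaced rather than simply expiring, the message should say to revoke the certificate and regenerate the CRL first (EasyRSA provides `revoke` and `gen-crl`), for example `echo "Revoke the old certificate first, then remove the following files and run the command again:"`. The same wording is added in the two earlier script sections of this commit. Whether `build-server-full` accepts a subject still listed as valid in the CA index is not visible here and should be checked.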
|
||||||
|
|
|
@ -21,4 +21,5 @@ easy_rsa_helper_scripts:
|
||||||
- 'renew-client-host-certificate'
|
- 'renew-client-host-certificate'
|
||||||
- 'renew-server-host-certificate'
|
- 'renew-server-host-certificate'
|
||||||
- 'renew-personal-certificate'
|
- 'renew-personal-certificate'
|
||||||
|
- 'check-x509-certs-expiration-date'
|
||||||
|
|
||||||
|
|