Backport some fixes.

Andrea Dell'Amico 2022-01-19 18:52:58 +01:00
parent 2b61560c77
commit 498405318d
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
5 changed files with 118 additions and 17 deletions


@ -0,0 +1,36 @@
#!/bin/bash
#set -e
PUB_CERTS_DIR="/srv/CA/pki/issued"
# 1 day in seconds 86400
# 7 days in seconds: 604800
# 30 days in seconds: 2592000
DAYS="2592000"
RETVAL=
# Email settings
_sub=" will expire within $DAYS seconds (30 days):"
_from="isti-ca-noreply@isti.cnr.it"
_to="s2i2s@isti.cnr.it"
_openssl="/usr/bin/openssl"
for cert in "$PUB_CERTS_DIR/"*.crt ; do
#echo -n "$cert: "
#$_openssl x509 -enddate -noout -in "$cert" -checkend "$DAYS" | grep -q 'notAfter'
expiry_date=$( $_openssl x509 -enddate -noout -in "$cert" -checkend "$DAYS" )
RETVAL=$?
#echo "RETVAL: $RETVAL"
# Send email
if [ $RETVAL -ne 0 ] ; then
echo "$cert ${_sub} $expiry_date"
# mail -s "$cert $_sub" -r "$_from" "$_to" <<< "Warning: The TLS/SSL certificate ($cert) will expire soon on $HOSTNAME [$(date)]: $expiry_date"
# # See https://www.cyberciti.biz/mobile-devices/android/how-to-push-send-message-to-ios-and-android-from-linux-cli/ #
# source ~/bin/cli_app.sh
# push_to_mobile "$0" "$_sub. See $_to email for detailed log. -- $HOSTNAME " >/dev/null
fi
done
exit 0
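Review bot: The `if [ $RETVAL -ne 0 ]` test treats every non-zero exit from `openssl x509 -checkend` as "will expire", so a file that openssl cannot read or parse is most likely reported the same way as a certificate near expiry, and when the glob matches nothing the literal `*.crt` pattern is handed to openssl. Adding `[ -f "$cert" ] || continue` as the first line of the loop removes the unmatched-glob case, and an empty `$expiry_date` could be reported as a read error rather than an expiry. The script also always ends in `exit 0` and the `mail` call is commented out, so a finding is visible only on stdout; exiting non-zero when at least one certificate matched would let cron or a monitoring check act on it. `DAYS` holds a number of seconds, so a name such as `CHECK_WINDOW_SECS` would describe it better.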


@ -1,5 +1,7 @@
#!/bin/bash
_retval=
host_arg=
if [ $# -ne 1 ] ; then
echo "You need to pass just one argument: the full hostname for wich the certificate is required"
@ -11,24 +13,43 @@ fi
easy_rsa_base_dir={{ easy_rsa_pki_basedir }}
easy_rsa_issued_dir="${easy_rsa_base_dir}/pki/issued"
easy_rsa_keys_dir="${easy_rsa_base_dir}/pki/private"
easy_rsa_reqs_dir="${easy_rsa_base_dir}/pki/reqs"
easy_vars_file="${easy_rsa_base_dir}/vars"
if [ -f "${easy_vars_file}.tmpl" ] ; then
echo "There's a template file ${easy_vars_file}.tmpl present. Check that nothing wrong happened, then remove it before proceeding."
exit 1
fi
if [ -f "${easy_rsa_issued_dir}/${host_arg}.crt" ] ; then
echo ""
echo "A certificate already exists"
echo "If you want to renew it, then remove the following files and run che command again:"
echo "${easy_rsa_issued_dir}/${host_arg}.crt"
echo "${easy_rsa_keys_dir}/${host_arg}.key"
echo "${easy_rsa_reqs_dir}/${host_arg}.req"
echo ""
exit 1
fi
echo ""
echo "Starting the creation of a client host certificate."
echo ""
cd "$easy_rsa_base_dir"
./easyrsa build-client-full "$host_arg" nopass
retval=$?
echo ""
echo "Done."
echo "The certificate file is ${easy_rsa_issued_dir}/${host_arg}.crt"
echo "The private key file is ${easy_rsa_keys_dir}/${host_arg}.key"
echo ""
echo "Remember that the key of the host certificates do not passphrase protected"
if [ $retval -eq 0 ] ; then
echo ""
echo "Done."
echo "The certificate file is ${easy_rsa_issued_dir}/${host_arg}.crt"
echo "The private key file is ${easy_rsa_keys_dir}/${host_arg}.key"
echo ""
echo "Remember that the key of the host certificates do not passphrase protected"
else
echo ""
echo "Something went wrong, the certificate creation failed"
echo ""
fi
exit 0
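Review bot: The new failure branch prints "Something went wrong, the certificate creation failed" but the script still reaches the final `exit 0`, so a caller (a wrapper, a cron job, an automation task) cannot tell a failed issuance from a successful one; the else branch should end with `exit "$retval"`, or the last line should become `exit "$retval"`. The personal-certificate and server-host-certificate sections of this commit have the same pattern. The first hunk also initialises `_retval=` while the rest of the code assigns and tests `retval`, so that initialisation is dead and one name should be used throughout. The lines between the two hunks are not shown, so how `host_arg` is taken from `$1` cannot be checked here.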


@ -1,5 +1,7 @@
#!/bin/bash
_retval=
name_arg=
email_arg=
if [ $# -ne 2 ] ; then
@ -13,12 +15,24 @@ fi
easy_rsa_base_dir={{ easy_rsa_pki_basedir }}
easy_rsa_issued_dir="${easy_rsa_base_dir}/pki/issued"
easy_rsa_keys_dir="${easy_rsa_base_dir}/pki/private"
easy_rsa_reqs_dir="${easy_rsa_base_dir}/pki/reqs"
easy_vars_file="${easy_rsa_base_dir}/vars"
if [ -f "${easy_vars_file}.tmpl" ] ; then
echo "There's a template file ${easy_vars_file}.tmpl present. Check that nothing wrong happened, then remove it before proceeding."
exit 1
fi
if [ -f "${easy_rsa_issued_dir}/${name_arg}.crt" ] ; then
echo ""
echo "A certificate already exists"
echo "If you want to renew it, then remove the following files and run che command again:"
echo "${easy_rsa_issued_dir}/${name_arg}.crt"
echo "${easy_rsa_keys_dir}/${name_arg}.key"
echo "${easy_rsa_reqs_dir}/${name_arg}.req"
echo ""
exit 1
fi
echo ""
echo "Starting the creation of a client host certificate."
echo "Remember that you need to supply a passphrase for the private key."
@ -32,10 +46,18 @@ sed -i -e "s/{{ easy_rsa_req_email }}/$email_arg/g" "$easy_vars_file"
./easyrsa build-client-full "$name_arg"
mv -f "${easy_vars_file}.tmpl" "$easy_vars_file"
echo ""
echo "Done."
echo "The certificate file is ${easy_rsa_issued_dir}/${name_arg}.crt"
echo "The private key file is ${easy_rsa_keys_dir}/${name_arg}.key"
echo ""
retval=$?
if [ $retval -eq 0 ] ; then
echo ""
echo "Done."
echo "The certificate file is ${easy_rsa_issued_dir}/${name_arg}.crt"
echo "The private key file is ${easy_rsa_keys_dir}/${name_arg}.key"
echo ""
else
echo ""
echo "Something went wrong, the certificate creation failed"
echo ""
fi
exit 0
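Review bot: As rendered, `retval=$?` comes after `mv -f "${easy_vars_file}.tmpl" "$easy_vars_file"` (and possibly an `echo`), so it records the status of that command rather than of `./easyrsa build-client-full "$name_arg"`, and the "Done." branch can be printed after a failed issuance. The status should be captured on the line directly after the easyrsa call, with `retval=$?` placed before the `mv -f` that restores the vars file. The hunk header also shows `sed -i -e "s/{{ easy_rsa_req_email }}/$email_arg/g" "$easy_vars_file"`, where a `/` or `&` in the e-mail argument alters the sed expression; that line is outside the hunk, but validating `email_arg` before it is used would be a worthwhile follow-up.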


@ -1,5 +1,7 @@
#!/bin/bash
_retval=
host_arg=
if [ $# -ne 1 ] ; then
echo "You need to pass just one argument: the full hostname for wich the certificate is required"
@ -11,24 +13,43 @@ fi
easy_rsa_base_dir={{ easy_rsa_pki_basedir }}
easy_rsa_issued_dir="${easy_rsa_base_dir}/pki/issued"
easy_rsa_keys_dir="${easy_rsa_base_dir}/pki/private"
easy_rsa_reqs_dir="${easy_rsa_base_dir}/pki/reqs"
easy_vars_file="${easy_rsa_base_dir}/vars"
if [ -f "${easy_vars_file}.tmpl" ] ; then
echo "There's a template file ${easy_vars_file}.tmpl present. Check that nothing wrong happened, then remove it before proceeding."
exit 1
fi
if [ -f "${easy_rsa_issued_dir}/${host_arg}.crt" ] ; then
echo ""
echo "A certificate already exists"
echo "If you want to renew it, then remove the following files and run che command again:"
echo "${easy_rsa_issued_dir}/${host_arg}.crt"
echo "${easy_rsa_keys_dir}/${host_arg}.key"
echo "${easy_rsa_reqs_dir}/${host_arg}.req"
echo ""
exit 1
fi
echo ""
echo "Starting the creation of a server host certificate."
echo ""
cd "$easy_rsa_base_dir"
./easyrsa build-server-full "$host_arg" nopass
retval=$?
echo ""
echo "Done."
echo "The certificate file is ${easy_rsa_issued_dir}/${host_arg}.crt"
echo "The private key file is ${easy_rsa_keys_dir}/${host_arg}.key"
echo ""
echo "Remember that the key of the host certificates do not passphrase protected"
if [ $retval -eq 0 ] ; then
echo ""
echo "Done."
echo "The certificate file is ${easy_rsa_issued_dir}/${host_arg}.crt"
echo "The private key file is ${easy_rsa_keys_dir}/${host_arg}.key"
echo ""
echo "Remember that the key of the host certificates do not passphrase protected"
else
echo ""
echo "Something went wrong, the certificate creation failed"
echo ""
fi
exit 0
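Review bot: `cd "$easy_rsa_base_dir"` is not checked before `./easyrsa build-server-full "$host_arg" nopass`, so if the directory is missing or not accessible the script goes on to run whatever `./easyrsa` resolves to in the caller's working directory; `cd "$easy_rsa_base_dir" || exit 1` closes that gap, and the client-host script in this commit has the same line. Because `nopass` leaves the server private key unencrypted on disk, the reminder printed on success deserves to be unambiguous, for example `echo "Remember that the private keys of host certificates are not passphrase protected"`.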


@ -21,4 +21,5 @@ easy_rsa_helper_scripts:
- 'renew-client-host-certificate'
- 'renew-server-host-certificate'
- 'renew-personal-certificate'
- 'check-x509-certs-expiration-date'