-rwxr-xr-x | share/hydra/import-certs | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/share/hydra/import-certs b/share/hydra/import-certs
index 63cb935..74f8d21 100755
--- a/share/hydra/import-certs
+++ b/share/hydra/import-certs
@@ -55,6 +55,8 @@ EOF
 keyringer $HYDRA ls -1 ssl/ | grep crt | while read cert; do
 cert="`basename $cert .asc`"
 priv="`basename $cert .crt`.pem"
+ prefix="`basename $cert .crt`"
+ domain="`facter domain`"
 $HYDRA_CONNECT $hostname <<EOF
 sudo touch /etc/ssl/certs/$cert
@@ -72,5 +74,31 @@ EOF
 echo "Importing $priv from keyringer to $hostname:/etc/ssl/private..."
 keyringer $HYDRA decrypt ssl/$priv | \
 $HYDRA_CONNECT $hostname "cat - | sudo tee /etc/ssl/private/$priv > /dev/null"
+
+ # Post-processing
+ $HYDRA_CONNECT $hostname <<EOF
+ # Symlinks for the main cert and key
+ if [ "$prefix" == "$domain" ] && [ -e "" ]; then
+ cd /etc/ssl/certs && sudo ln -s $cert cert.crt
+ cd /etc/ssl/private && sudo ln -s $priv cert.pem
+ fi
+
+ # Concatenated cert
+ cd /etc/ssl/private
+ sudo touch $prefix-concat.pem
+ sudo chown root.ssl-cert $prefix-concat.pem
+ sudo chmod 640 $prefix-concat.pem
+ sudo cp /etc/ssl/certs/$cert $prefix-concat.pem
+ sudo cat $priv | sudo tee -a $prefix-concat.pem > /dev/null
+
+ # Restart services
+ services="apache2 postfix nginx lighttpd mumble"
+ for service in \$services; do
+ if systemctl list-units | grep active | grep -q $service'.service'; then
+ sudo service $service restart
+ fi
+ done
+EOF
+
 done
 done
|
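Review bot: The new `prefix` (like `cert` and `priv` in the context lines) comes from a keyring file name and is later expanded unquoted into commands the node's shell runs under sudo, so a name containing whitespace or shell metacharacters would change what executes as root there. Rejecting unexpected names right after the assignment keeps them out of the heredoc, e.g. `case "$prefix" in *[!A-Za-z0-9._-]*) echo "skipping unexpected name: $cert" >&2; continue ;; esac`. Separately, `facter domain` runs on the local machine, and once per certificate; if the comparison further down is meant to use the target node's domain, this supplies the wrong value, and in either case it can be computed once before the loop. The loop body continues outside this hunk.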
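Review bot: In the restart loop, `$service` is expanded by the local shell because the `<<EOF` heredoc is unquoted and only `\$services` is escaped; unless `service` happens to be set locally, the node receives `grep -q '.service'` (which matches any active unit) and `sudo service  restart` with no name, so the daemons probably keep serving the old certificate. Escaping both uses fixes it: `grep -q \$service'.service'` and `sudo service \$service restart`. In the symlink block, `[ -e "" ]` is always false, so `cert.crt` and `cert.pem` are never linked; the path that test was meant to check appears to be missing, and `==` inside `[` is not portable if the node's login shell is a plain POSIX `sh`. The heredoc also carries on after a failed `cd /etc/ssl/private`, so writing `cd /etc/ssl/private || exit 1` keeps the following `touch`/`cp`/`tee` from running relative to another directory.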