Univention Bugzilla – Attachment 8087 Details for
Bug 30294
Automatic renewal of ssl certificates
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Updated patch
file_30294.txt (text/plain), 2.65 KB, created by
Julius Hinrichs
on 2016-10-11 15:07 CEST
(
hide
)
Description:
Updated patch
Filename:
MIME Type:
Creator:
Julius Hinrichs
Created:
2016-10-11 15:07 CEST
Size:
2.65 KB
patch
obsolete
>Index: base/univention-ssl/make-certificates.sh >=================================================================== >--- base/univention-ssl/make-certificates.sh (Revision 72885) >+++ base/univention-ssl/make-certificates.sh (Arbeitskopie) >@@ -357,6 +357,51 @@ > ) > } > >+renew_all_certs () { >+ local CYRUSBASE="/var/lib/cyrus" >+ local ADBASE="/var/www/univention-ad-connector" >+ local RADIUSBASE="/etc/freeradius/ssl" >+ >+ eval "$(ucr shell domainname ssl/default/days)" >+ >+ cp -a "$SSLBASE" "${SSLBASE}_$(date +%d%m%Y)" >+ >+ openssl x509 -in "$SSLBASE/$CA/CAcert.pem" -out "$SSLBASE/$CA/NewCAcert.pem" \ >+ -days "$ssl_default_days" -passin "file:$SSLBASE/password" \ >+ -signkey "$SSLBASE/$CA/private/CAkey.pem" >+ mv "$SSLBASE/$CA/NewCAcert.pem" "$SSLBASE/$CA/CAcert.pem" >+ >+ cd "$SSLBASE" >+ for fqdn in *."$domainname"; do >+ renew_cert "$fqdn" "$ssl_default_days" >+ done >+ >+ cp "$SSLBASE/$CA/CAcert.pem" /var/www/ucs-root-ca.crt >+ >+ /usr/sbin/univention-certificate-check-validity >+ >+ if [ -d "$CYRUSBASE" ]; then >+ cp "$SSLBASE/$(hostname -f)/cert.pem" "$CYRUSBASE" >+ cp "$SSLBASE/$(hostname -f)/private.key" "$CYRUSBASE" >+ chown cyrus:mail "$CYRUSBASE/cert.pem" >+ chown cyrus:mail "$CYRUSBASE/private.key" >+ fi >+ >+ if [ -d "$ADBASE" ]; then >+ cp "$SSLBASE/$(hostname -f)/cert.pem" "$ADBASE" >+ cp "$SSLBASE/$(hostname -f)/private.key" "$ADBASE" >+ chgrp www-data "$ADBASE/cert.pem" >+ chgrp www-data "$ADBASE/private.key" >+ fi >+ >+ if [ -d "$RADIUSBASE" ]; then >+ cp "$SSLBASE/$(hostname -f)/cert.pem" "$RADIUSBASE" >+ cp "$SSLBASE$(hostname -f)/private.key" "$RADIUSBASE" >+ chown root:freerad "$RADIUSBASE/cert.pem" >+ chown root:freerad "$RADIUSBASE/private.key" >+ fi >+} >+ > # Parameter 1: Name des CN dessen Zertifikat wiederufen werden soll > > revoke_cert () { >Index: base/univention-ssl/univention-certificate >=================================================================== >--- base/univention-ssl/univention-certificate (Revision 72885) >+++ base/univention-ssl/univention-certificate (Arbeitskopie) >@@ -43,6 +43,7 @@ > echo " new" > echo " revoke" > echo " renew" >+ echo " renew-all" > echo " check" > echo " dump" > echo " list" >@@ -81,6 +82,7 @@ > new) command="$1" ;; > revoke) command="$1" ;; > renew) command="$1" ;; >+ renew-all) command="$1" name="DUMMY" ;; > check) command="$1" ;; > list) command="$1" name="DUMMY" ;; > dump) command="$1" ;; >@@ -123,6 +125,12 @@ > renew_cert "$name" "$days" > } > >+renew-all () { >+ run_only master exclusive >+ echo "Renew all certificates" >+ renew_all_certs >+} >+ > check () { > local rv=0 > run_only backup shared
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=8087">View the attachment on a separate page</a>.</b>
Actions:
View
|
Diff
Attachments on
bug 30294
:
8086
| 8087