You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
The output of openssl x509 -text changed from lines like: O=foo/OU=bar to lines like: O = foo, OU = bar This commit adapts the code to that change. TODO: A machine readable output ought to be used instead.
|5 years ago|
|tests||8 years ago|
|README||9 years ago|
|TODO||9 years ago|
|debian-admin_openssl_howto.html||9 years ago|
|openssl.cnf.in||5 years ago|
|ssl_mgmt||5 years ago|
|ssl_mgmt.conf||9 years ago|
ssl_mgmt is a helper to manage SSL certificates: creation, renewal and removal.
So far, only renewal is supported.
ssl_mgmt refers to certificates through the service they are associated with.
*** EXAMPLES ***
To renew the certificate associated to HTTPS, the command line is:
ssl_mgmt renew https
If you want to renew certificates of all services, you should do:
ssl_mgmt renew all
Note: This suppose that
* all services are listed in managedCerts in the configuration file whether
directly or by setting its value from a file;
* the root CA is already created;
* /usr/local/lib/ssl_mgmt contains an openssl configuration file template
named openssl.cnf.in, a file serial containing a hex number indicating the
number of signed certificates so far, a file index.txt with a list (possibly
empty) of all certificates signed so far and the directories newcerts,
newkeys and csr.
The file system hierarchy assumed is:
To use this script, you need to have accessed to all the file above as well as
the configuration file and the files mentionned in it and the certificate you
wish to renew. You also need to have the right to create a new certificate
with the same rights.
You should install it in a directory within the PATH of the root user, such
as /usr/local/sbin and its working directory in ../lib relative to where the
scripts lies, such as /usr/local/lib/sbin.