ssl_mgmt is a helper to manage SSL certificates: creation, renewal and removal.
So far, only renewal is supported.
ssl_mgmt refers to certificates through the service they are associated with.
*** EXAMPLES ***
To renew the certificate associated to HTTPS, the command line is:
ssl_mgmt renew https
If you want to renew certificates of all services, you should do:
ssl_mgmt renew all
Note: This suppose that
* all services are listed in managedCerts in the configuration file whether
directly or by setting its value from a file;
* the root CA is already created;
* /usr/local/lib/ssl_mgmt contains an openssl configuration file template
named openssl.cnf.in, a file serial containing a hex number indicating the
number of signed certificates so far, a file index.txt with a list (possibly
empty) of all certificates signed so far and the directories newcerts,
newkeys and csr.
The file system hierarchy assumed is:
To use this script, you need to have accessed to all the file above as well as
the configuration file and the files mentionned in it and the certificate you
wish to renew. You also need to have the right to create a new certificate
with the same rights.
You should install it in a directory within the PATH of the root user, such
as /usr/local/sbin and its working directory in ../lib relative to where the
scripts lies, such as /usr/local/lib/sbin.