You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Thomas Preud'homme bfa3d78fca Fix ssl_mgmt after openssl -text output change
The output of openssl x509 -text changed from lines like:


to lines like:

O = foo, OU = bar

This commit adapts the code to that change. TODO: A machine readable
output ought to be used instead.
6 years ago
tests [ssl_mgmt] Set ownership and rights of keycert 9 years ago
README [ssl_mgmt] Update documentation 10 years ago
TODO [ssl_mgmt] Add a TODO file 10 years ago
debian-admin_openssl_howto.html [ssl_mgmt] Add debian-admin openssl howto 10 years ago Fix ssl_mgmt after openssl -text output change 6 years ago
ssl_mgmt Fix ssl_mgmt after openssl -text output change 6 years ago
ssl_mgmt.conf [ssl_mgmt] Sign email sent to notifiedUsers 10 years ago


ssl_mgmt is a helper to manage SSL certificates: creation, renewal and removal.
So far, only renewal is supported.

ssl_mgmt refers to certificates through the service they are associated with.

*** EXAMPLES ***

To renew the certificate associated to HTTPS, the command line is:
 ssl_mgmt renew https

If you want to renew certificates of all services, you should do:
 ssl_mgmt renew all

Note: This suppose that
 * all services are listed in managedCerts in the configuration file whether
   directly or by setting its value from a file;
 * the root CA is already created;
 * /usr/local/lib/ssl_mgmt contains an openssl configuration file template
   named, a file serial containing a hex number indicating the
   number of signed certificates so far, a file index.txt with a list (possibly
   empty) of all certificates signed so far and the directories newcerts,
   newkeys and csr.

The file system hierarchy assumed is:
├── csr
├── index.txt
├── index.txt.attr
├── newcerts
├── newkeys
└── serial

To use this script, you need to have accessed to all the file above as well as
the configuration file and the files mentionned in it and the certificate you
wish to renew. You also need to have the right to create a new certificate
with the same rights.

You should install it in a directory within the PATH of the root user, such
as /usr/local/sbin and its working directory in ../lib relative to where the
scripts lies, such as /usr/local/lib/sbin.