scripts/ssl_mgmt
Thomas Preud'homme bfa3d78fca Fix ssl_mgmt after openssl -text output change
The output of openssl x509 -text changed from lines like:

O=foo/OU=bar

to lines like:

O = foo, OU = bar

This commit adapts the code to that change. TODO: A machine readable
output ought to be used instead.
2018-05-31 20:46:46 +01:00
..
tests [ssl_mgmt] Set ownership and rights of keycert 2014-11-04 23:02:27 +00:00
README [ssl_mgmt] Update documentation 2014-05-05 23:02:12 +08:00
TODO [ssl_mgmt] Add a TODO file 2014-05-11 15:42:02 +08:00
debian-admin_openssl_howto.html [ssl_mgmt] Add debian-admin openssl howto 2014-05-03 17:54:31 +08:00
openssl.cnf.in Fix ssl_mgmt after openssl -text output change 2018-05-31 20:46:46 +01:00
ssl_mgmt Fix ssl_mgmt after openssl -text output change 2018-05-31 20:46:46 +01:00
ssl_mgmt.conf [ssl_mgmt] Sign email sent to notifiedUsers 2014-05-19 23:21:20 +08:00

README

ssl_mgmt is a helper to manage SSL certificates: creation, renewal and removal.
So far, only renewal is supported.

ssl_mgmt refers to certificates through the service they are associated with.

*** EXAMPLES ***

To renew the certificate associated to HTTPS, the command line is:
 ssl_mgmt renew https

If you want to renew certificates of all services, you should do:
 ssl_mgmt renew all

Note: This suppose that
 * all services are listed in managedCerts in the configuration file whether
   directly or by setting its value from a file;
 * the root CA is already created;
 * /usr/local/lib/ssl_mgmt contains an openssl configuration file template
   named openssl.cnf.in, a file serial containing a hex number indicating the
   number of signed certificates so far, a file index.txt with a list (possibly
   empty) of all certificates signed so far and the directories newcerts,
   newkeys and csr.

The file system hierarchy assumed is:
/usr/local/lib/ssl_mgmt
├── csr
├── index.txt
├── index.txt.attr
├── newcerts
├── newkeys
├── openssl.cnf.in
└── serial

To use this script, you need to have accessed to all the file above as well as
the configuration file and the files mentionned in it and the certificate you
wish to renew. You also need to have the right to create a new certificate
with the same rights.

You should install it in a directory within the PATH of the root user, such
as /usr/local/sbin and its working directory in ../lib relative to where the
scripts lies, such as /usr/local/lib/sbin.