ssl_mgmt is a helper to manage SSL certificates: creation, renewal and removal.
So far, only renewal is supported.

ssl_mgmt refers to certificates through the service they are associated with.

*** EXAMPLES ***

To renew the certificate associated with HTTPS, the command line is:
    ssl_mgmt renew https

To renew the certificates of all services, run:
    ssl_mgmt renew all

Note: This supposes that
* all services are listed in managedCerts in the configuration file, whether
  directly or by setting its value from a file;
* the root CA is already created;
* /usr/local/lib/ssl_mgmt contains an openssl configuration file template
  named openssl.cnf.in, a file serial containing a hex number indicating the
  number of signed certificates so far, a file index.txt with a list (possibly
  empty) of all certificates signed so far and the directories newcerts,
  newkeys and csr.

The file system hierarchy assumed is:
/usr/local/lib/ssl_mgmt
├── csr
├── index.txt
├── index.txt.attr
├── newcerts
├── newkeys
├── openssl.cnf.in
└── serial

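A preflight check for the layout above, as an added example that is not part
of ssl_mgmt itself. The function name check_ca_layout and the permission check
on newkeys are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight check of the ssl_mgmt working directory.
# check_ca_layout DIR reports each problem on stderr and returns their count.
check_ca_layout() {
    dir=$1
    problems=0
    fail() {
        echo "preflight: $*" >&2
        problems=$((problems + 1))
    }

    # Directories and files the README lists as prerequisites.
    for d in csr newcerts newkeys; do
        [ -d "$dir/$d" ] || fail "missing directory $dir/$d"
    done
    for f in openssl.cnf.in serial index.txt; do
        [ -f "$dir/$f" ] || fail "missing file $dir/$f"
    done

    # serial must hold a hex number (first line, whitespace ignored).
    if [ -f "$dir/serial" ]; then
        serial=$(head -n 1 "$dir/serial" | tr -d '[:space:]')
        case $serial in
            '' | *[!0-9A-Fa-f]*) fail "serial is not a hex number: '$serial'" ;;
        esac
    fi

    # Assumption (not stated in the README): newkeys holds private keys, so
    # group and other should have no permission bits on it.
    if [ -d "$dir/newkeys" ]; then
        mode=$(ls -ld "$dir/newkeys" | cut -c5-10)
        [ "$mode" = "------" ] || fail "newkeys is accessible to group/other"
    fi

    return "$problems"
}

# Run the check when a directory is given, e.g. /usr/local/lib/ssl_mgmt.
if [ "$#" -gt 0 ]; then
    check_ca_layout "$1"
    exit $?
fi
```
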
To use this script, you need to have access to all the files above as well as
the configuration file, the files mentioned in it and the certificate you
wish to renew. You also need to have the right to create a new certificate
with the same rights.

You should install it in a directory within the PATH of the root user, such
as /usr/local/sbin, and its working directory in ../lib relative to where the
script lies, such as /usr/local/lib/sbin.