scripts/ssl_mgmt
Matteo Cypriani 236e5afe48 [ssl_mgmt] Typos & comments' translation 2012-02-20 17:40:09 +01:00
README [ssl_mgmt] Typos & comments' translation 2012-02-20 17:40:09 +01:00
openssl.cnf.in [ssl_mgmt] Typos & comments' translation 2012-02-20 17:40:09 +01:00
ssl_mgmt Add ssl_mgmt script 2012-02-20 17:23:51 +01:00

README

ssl_mgmt is a helper to manage SSL certificates: creation, renewal and removal.
So far, only renewal is supported.

ssl_mgmt refers to a certificate by the name of the service it is associated with (for example, https).

*** EXAMPLES ***

To renew the certificate associated with HTTPS, the command line is:
 ssl_mgmt renew https

To renew the certificates of all services:
 ssl_mgmt renew all

Note: this assumes that
 * all services are listed in /root/homemade_certs;
 * the directories carry setgid bits and default ACLs, so that newly
   created certificates and keys automatically get the proper
   permissions (see the listings below);
 * the root CA has already been created;
 * openssl.cnf.in has been copied to the root of the CA hierarchy.

The file system hierarchy assumed, as listed at the root of the CA hierarchy
(/usr/lib/ssl/CA in the ACL listings below), is:
lrwxrwxrwx  1 root root       14 Jan  6  2010 certs -> /etc/ssl/certs
drws--S---+ 2 root ssl-cert 4096 Jan 23  2011 csr
-rw-------  1 root ssl-cert 1937 Feb 20 16:38 index.txt
-rw-------  1 root ssl-cert   20 Feb 20 16:38 index.txt.attr
drwSr-Sr--+ 2 root ssl-cert 4096 Feb 20 16:38 newcerts
drwSr-S---+ 2 root ssl-cert 4096 Feb 20 16:38 newkeys
-rw-r--r--  1 root ssl-cert 1546 Feb 20 14:24 openssl.cnf.in
lrwxrwxrwx  1 root root       16 Jan  6  2010 private -> /etc/ssl/private
-rw-------  1 root ssl-cert    3 Feb 20 16:38 serial

The ACLs on csr, newcerts and newkeys, as printed by getfacl (which strips the
leading / from the paths):

# file: usr/lib/ssl/CA/csr
# owner: root
# group: ssl-cert
# flags: ss-
user::rwx
group::---
other::---
default:user::rw-
default:group::r--
default:other::---

# file: usr/lib/ssl/CA/newcerts
# owner: root
# group: ssl-cert
# flags: ss-
user::rw-
group::r--
other::r--
default:user::rw-
default:group::r--
default:other::r--

# file: usr/lib/ssl/CA/newkeys
# owner: root
# group: ssl-cert
# flags: ss-
user::rw-
group::r--
other::---
default:user::rw-
default:group::r--
default:other::---
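The following is an added example, not the ssl_mgmt script and not part of the
original README. It builds the hierarchy above under a scratch directory
(setgid bits, default ACLs where setfacl is available, index.txt, serial,
index.txt.attr and a minimal openssl.cnf), then issues and renews the
certificate of one service with plain openssl commands. Everything it names is
an assumption made for the illustration: CA_ROOT stands in for /usr/lib/ssl/CA,
the caller's primary group stands in for ssl-cert, certs/ and private/ are
plain directories rather than the symlinks into /etc/ssl, and the service name,
host name and function names are the example's own. It needs openssl and runs
as an unprivileged user.

```shell
#!/bin/sh
# Added example (not the ssl_mgmt script itself): build the CA hierarchy the
# README assumes under a scratch directory, then renew one service's certificate
# with plain openssl commands.  Assumed names: CA_ROOT (a temp dir standing in
# for /usr/lib/ssl/CA), CA_GROUP (the caller's primary group standing in for
# ssl-cert) and the functions below.  Directories get the x bit so that this
# runs as an unprivileged user; the README's modes rely on root bypassing it.
set -eu
umask 077
CA_ROOT=${CA_ROOT:-$(mktemp -d)}
CA_GROUP=${CA_GROUP:-$(id -gn)}
CNF="$CA_ROOT/openssl.cnf"

setup_ca() {
    mkdir -p "$CA_ROOT/csr" "$CA_ROOT/newcerts" "$CA_ROOT/newkeys" \
             "$CA_ROOT/certs" "$CA_ROOT/private"
    chgrp "$CA_GROUP" "$CA_ROOT/csr" "$CA_ROOT/newcerts" "$CA_ROOT/newkeys"
    # setgid (the "s" in the README's listing): new files inherit the group.
    chmod 2700 "$CA_ROOT/csr"; chmod 2755 "$CA_ROOT/newcerts"; chmod 2750 "$CA_ROOT/newkeys"
    # Default ACLs (the README's getfacl output) set the mode of new files
    # independently of the creator's umask.  Skipped where setfacl is absent.
    if command -v setfacl >/dev/null 2>&1; then
        setfacl -d -m u::rw,g::r,o::- "$CA_ROOT/csr" "$CA_ROOT/newkeys" &&
        setfacl -d -m u::rw,g::r,o::r "$CA_ROOT/newcerts" ||
        echo "warning: default ACLs not applied (no ACL support here?)" >&2
    fi
    : > "$CA_ROOT/index.txt"
    echo 1000 > "$CA_ROOT/serial"
    # A renewal re-issues for a subject still marked V in index.txt, which
    # openssl ca refuses unless unique_subject is off.
    echo "unique_subject = no" > "$CA_ROOT/index.txt.attr"
    cat > "$CNF" <<EOF
[ ca ]
default_ca = ssl_mgmt
[ ssl_mgmt ]
dir = $CA_ROOT
database = \$dir/index.txt
serial = \$dir/serial
new_certs_dir = \$dir/newcerts
certificate = \$dir/cacert.pem
private_key = \$dir/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_cn
[ policy_cn ]
commonName = supplied
[ req ]
distinguished_name = req_dn
x509_extensions = v3_ca
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -config "$CNF" -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Example root CA" -keyout "$CA_ROOT/private/cakey.pem" \
        -out "$CA_ROOT/cacert.pem" 2>/dev/null
}

# renew SERVICE HOSTNAME: fresh key in newkeys, CSR in csr, signed copy in
# newcerts, then installed under certs/ and private/ (symlinks to /etc/ssl in
# the README).  The certificate currently installed, if any, is revoked first.
renew() {
    svc=$1; host=$2
    key="$CA_ROOT/newkeys/$svc.key"; csr="$CA_ROOT/csr/$svc.csr"
    cert="$CA_ROOT/certs/$svc.pem"
    [ ! -f "$cert" ] || openssl ca -config "$CNF" -batch -revoke "$cert" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$key" 2>/dev/null
    chmod 600 "$key"   # explicit: do not leave the key's mode to directory defaults
    openssl req -config "$CNF" -new -key "$key" -subj "/CN=$host" -out "$csr"
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\n' > "$csr.ext"
    printf 'extendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' "$host" >> "$csr.ext"
    openssl ca -config "$CNF" -batch -notext -extfile "$csr.ext" \
        -in "$csr" -out "$cert.new" 2>/dev/null
    # Install only after signing succeeded: a failed renewal leaves the
    # deployed certificate and key untouched.
    mv "$cert.new" "$cert"
    cp -p "$key" "$CA_ROOT/private/$svc.key"
}

# verify_renewal SERVICE HOSTNAME: chains to the CA, carries the expected SAN,
# installed key matches the certificate, key is neither group nor world readable.
verify_renewal() {
    svc=$1; host=$2
    cert="$CA_ROOT/certs/$svc.pem"; key="$CA_ROOT/private/$svc.key"
    openssl verify -CAfile "$CA_ROOT/cacert.pem" "$cert" >/dev/null &&
    openssl x509 -in "$cert" -noout -text | grep -q "DNS:$host" &&
    [ "$(openssl x509 -in "$cert" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] &&
    [ "$(ls -l "$key" | cut -c1-10)" = "-rw-------" ]
}

setup_ca
renew https www.example.org   # first issuance
renew https www.example.org   # renewal: previous cert revoked, new key and cert
verify_renewal https www.example.org
echo "https renewed; hierarchy left in $CA_ROOT for inspection"
```

Three caveats worth keeping in mind when reproducing the README's layout for
real: the setuid bit shown on the directories (the "s" in the owner column)
has no effect on directories under Linux, it is the setgid bit that makes new
files inherit the ssl-cert group; the directory modes in the listing lack the
execute bit, which only works because root bypasses that check; and current
OpenSSL opens private-key output files with mode 0600, and a default ACL is
intersected with the create mode rather than widening it, so the group::r--
default entry on newkeys does not by itself make new keys readable by the
ssl-cert group. If services in that group must read their keys, the script has
to chmod the key explicitly after writing it.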

To use this script you must be root, or be able to run commands with root
privileges through sudo.
Install it in a directory on the root user's PATH, such as /usr/local/sbin.