author | Daniel Baumann <daniel.baumann@open-infrastructure.net> | 2023-03-07 13:21:03 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@open-infrastructure.net> | 2023-03-21 19:20:14 +0000 |
commit | cab731a71cba0b0e088926847c25388142961ccd (patch) | |
tree | 4d46e848542522abb76c33190262fa7221f23003 | |
parent | Updating dehydrated todo. (diff) | |
download | service-tools-cab731a71cba0b0e088926847c25388142961ccd.tar.xz service-tools-cab731a71cba0b0e088926847c25388142961ccd.zip |
Adding preferred chain compatibility in deploy_cert.extra dehydrated hook.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
Diffstat (limited to '')
-rw-r--r-- | dehydrated/share/hooks/.deploy_cert.extra.swp | bin | 0 -> 12288 bytes | |||
-rwxr-xr-x | dehydrated/share/hooks/deploy_cert.extra | 15 |
2 files changed, 14 insertions, 1 deletions
diff --git a/dehydrated/share/hooks/.deploy_cert.extra.swp b/dehydrated/share/hooks/.deploy_cert.extra.swp
Binary files differ
new file mode 100644
index 0000000..3a22538
--- /dev/null
+++ b/dehydrated/share/hooks/.deploy_cert.extra.swp
diff --git a/dehydrated/share/hooks/deploy_cert.extra b/dehydrated/share/hooks/deploy_cert.extra
index 56ca2f4..cd1d3b9 100755
--- a/dehydrated/share/hooks/deploy_cert.extra
+++ b/dehydrated/share/hooks/deploy_cert.extra
@@ -25,9 +25,22 @@ echo -n " + Creating extra certificate files..."
 DIRECTORY="$(dirname "${CERTFILE}")"
+if [ "$(grep -c 'BEGIN CERTIFICATE' ${FULLCHAINFILE})" -ge 3 ]
+then
+ # long chain
+ # - chain.pem: R3 | ISRG Root X1
+ # - fullchain.pem: Certificate | R3 | ISRG Root X1
+ PEMFILE="${CHAINFILE}"
+else
+ # short chain
+ # - chain.pem: R3
+ # - fullchain.pem: Certificate | R3
+ PEMFILE="${FULLCHAINFILE}"
+fi
+
 # root and intermediate CA
 TMPFILE="$(mktemp -p "${DIRECTORY}" -u ca.XXXXXXXXXX)"
-grep -Ev '^$' "${CHAINFILE}" | csplit -f "${TMPFILE}" -s -z - '/-----BEGIN CERTIFICATE-----/' '{*}'
+grep -Ev '^$' "${PEMFILE}" | csplit -f "${TMPFILE}" -s -z - '/-----BEGIN CERTIFICATE-----/' '{*}'
 mv "${TMPFILE}00" "${DIRECTORY}/intermediate-${TIMESTAMP}.pem"
 ln -sf "${DIRECTORY}/intermediate-${TIMESTAMP}.pem" "${DIRECTORY}/intermediate.pem" |
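Review bot: `dehydrated/share/hooks/.deploy_cert.extra.swp` is a Vim swap file and should not be part of this commit. Swap files record editor session data such as the user name, host name, edited file path and unsaved buffer contents, and this one would ship as an opaque 12288-byte binary next to executable hooks where nobody can review it. Remove it from the tree and add `*.swp` to `.gitignore` so it cannot be re-added by accident.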
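Review bot: In the short-chain branch, `PEMFILE="${FULLCHAINFILE}"` makes the first csplit piece the end-entity certificate (the added comment gives `fullchain.pem: Certificate | R3`), so `mv "${TMPFILE}00" "${DIRECTORY}/intermediate-${TIMESTAMP}.pem"` stores the leaf certificate as intermediate.pem instead of R3. Anything that treats intermediate.pem as the issuer certificate, such as a server chain file or OCSP stapling trust, would presumably then be misconfigured. I would keep `PEMFILE="${CHAINFILE}"` in both cases and instead guard the step that consumes the second piece; that step lies after the end of this hunk, so this is inferred from the visible lines only. Also quote the expansion in the new test, `grep -c 'BEGIN CERTIFICATE' "${FULLCHAINFILE}"`, so a path with spaces or glob characters is not split.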