jcarr
/
wit-network-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

starting to migrate to a more meaningfull DN for ipsec

This commit is contained in:
toby 2019-04-17 02:42:36 +00:00
parent 99773128d3
commit 4f0c28d56b
2 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
debian/wit-network-config.postinst vendored
View File

@ -389,6 +389,8 @@ case "$1" in
pki --gen --type rsa --size 2048 --outform pem >${KEYFILE} pki --gen --type rsa --size 2048 --outform pem >${KEYFILE}
pki --req --in ${KEYFILE} --type rsa --digest sha512 --dn "C=US, O=Wit, CN=${HOSTNAME}" --san "${HOSTNAME}" --outform pem | curl -6 --fail -T - ${CACURLURL}/reqs/${REQFILE##*/} pki --req --in ${KEYFILE} --type rsa --digest sha512 --dn "C=US, O=Wit, CN=${HOSTNAME}" --san "${HOSTNAME}" --outform pem | curl -6 --fail -T - ${CACURLURL}/reqs/${REQFILE##*/}
# we wanna migrate to this DN once the new ipsec.conf is rolled out everywhere
#pki --req --in ${KEYFILE} --type rsa --digest sha512 --dn "C=US, O=Wit, OU=DCs, OU=PhyNodes, CN=${HOSTNAME}" --san "${HOSTNAME}" --outform pem | curl -6 --fail -T - ${CACURLURL}/reqs/${REQFILE##*/}
curl -6 --fail -so ${CAFILE} ${CACURLURL}/cacerts/${CAFILE##*/} curl -6 --fail -so ${CAFILE} ${CACURLURL}/cacerts/${CAFILE##*/}
curl -6 --fail -so ${CRLFILE} ${CACURLURL}/crls/${CRLFILE##*/} curl -6 --fail -so ${CRLFILE} ${CACURLURL}/crls/${CRLFILE##*/}

1
templates/ipsec.conf.wit
View File

@ -23,6 +23,7 @@ conn %default
leftcert = FQHOSTNAME.crt leftcert = FQHOSTNAME.crt
leftid = "C=US, O=Wit, CN=FQHOSTNAME" leftid = "C=US, O=Wit, CN=FQHOSTNAME"
rightid = "C=US, O=Wit, CN=*" rightid = "C=US, O=Wit, CN=*"
rightid2 = "C=US, O=Wit, OU=DCs, OU=PhyNodes, CN=*"
auto = route auto = route