jcarr
/
wit-network-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fixing ipsec cert generation section in postscript

This commit is contained in:
toby 2019-03-29 19:57:08 +00:00
parent ebc7c6a5ff
commit d3ecbaf20b
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
debian/wit-network-config.postinst vendored
View File

@ -29,12 +29,12 @@ case "$1" in
IPSECCONFIG="etc/ipsec.conf.wit" IPSECCONFIG="etc/ipsec.conf.wit"
IPSECSECRETS="etc/ipsec.secrets" IPSECSECRETS="etc/ipsec.secrets"
SYSCTLTWEAKS="etc/sysctl.d/10-frr.conf" SYSCTLTWEAKS="etc/sysctl.d/10-frr.conf"
CAPATH=/etc/ipsec.d CAPATH="/etc/ipsec.d"
CACURLURL="http://bastion" CACURLURL="http://bastion"
## START gather all the info from the box and generate the variabels ## START gather all the info from the box and generate the variabels
HOSTNAME=$(hostname) HOSTNAME="$(hostname)"
DOMAINNAME=$(hostname -d) DOMAINNAME="$(hostname -d)"
dig_txt() { dig_txt() {
@ -389,10 +389,10 @@ case "$1" in
if [ ! -e $KEYFILE ]; then if [ ! -e $KEYFILE ]; then
pki --gen --type rsa --size 2048 --outform pem >${KEYFILE} pki --gen --type rsa --size 2048 --outform pem >${KEYFILE}
pki --req --in ${KEYFILE} --type rsa --digest sha512 --dn "C=US, O=Wit, CN=${CN}" --san "${CN}" --outform pem | curl --fail -T - ${CURLURL}/reqs/${REQFILE##*/} pki --req --in ${KEYFILE} --type rsa --digest sha512 --dn "C=US, O=Wit, CN=${HOSTNAME}" --san "${HOSTNAME}" --outform pem | curl --fail -T - ${CACURLURL}/reqs/${REQFILE##*/}
curl --fail -so ${CAFILE} ${CURLURL}/cacerts/${CAFILE##*/} curl --fail -so ${CAFILE} ${CACURLURL}/cacerts/${CAFILE##*/}
curl --fail -so ${CRLFILE} ${CURLURL}/crls/${CRLFILE##*/} curl --fail -so ${CRLFILE} ${CACURLURL}/crls/${CRLFILE##*/}
cat <<-EOF >/etc/cron.d/wit-net-config-pull-signed-cert cat <<-EOF >/etc/cron.d/wit-net-config-pull-signed-cert