jcarr
/
wit-network-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

just like I assumed, SAN header not needed for ipsec and moved the CA handler to mirrors

This commit is contained in:
toby 2019-04-18 05:33:21 +00:00
parent 4f0c28d56b
commit f293436c67
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
debian/wit-network-config.postinst vendored
View File

@ -29,7 +29,7 @@ case "$1" in
IPSECCONFIG="etc/ipsec.conf.wit"
IPSECSECRETS="etc/ipsec.secrets"
CAPATH="/etc/ipsec.d"
CACURLURL="http://bastion"
CACURLURL="https://mirrors.wit.com/wit-ca"
## START gather all the info from the box and generate the variabels
HOSTNAME="$(hostname)"
@ -388,7 +388,7 @@ case "$1" in
if [ ! -e $KEYFILE ]; then
pki --gen --type rsa --size 2048 --outform pem >${KEYFILE}
pki --req --in ${KEYFILE} --type rsa --digest sha512 --dn "C=US, O=Wit, CN=${HOSTNAME}" --san "${HOSTNAME}" --outform pem | curl -6 --fail -T - ${CACURLURL}/reqs/${REQFILE##*/}
pki --req --in ${KEYFILE} --type rsa --digest sha512 --dn "C=US, O=Wit, CN=${HOSTNAME}" --outform pem | curl -6 --fail -T - ${CACURLURL}/reqs/${REQFILE##*/}
# we wanna migrate to this DN once the new ipsec.conf is rolled out everywhere
#pki --req --in ${KEYFILE} --type rsa --digest sha512 --dn "C=US, O=Wit, OU=DCs, OU=PhyNodes, CN=${HOSTNAME}" --san "${HOSTNAME}" --outform pem | curl -6 --fail -T - ${CACURLURL}/reqs/${REQFILE##*/}