-rw-r--r-- | ca.conf | 3 | ||||
-rw-r--r-- | cb.conf | 3 | ||||
-rw-r--r-- | rotate-keys.in | 4 | ||||
-rwxr-xr-x | sign-ca.in | 4 |
4 files changed, 10 insertions, 4 deletions
@@ -4,6 +4,9 @@ ca_name='eckner-ca'
 ca_subject_prefix='/C=DE/ST=Thuringia/L=Jena/O=Eckner/OU=Net'
+# generate new ca key/cert afther this many days
+ca_min_duration=60
+
 # which system user owns the ca
 ca_user='erich'
@@ -9,6 +9,9 @@ ignore_hosts=('localhost')
 # where should the certificates be requested?
 ca_host='user@ca.example.com'
+# request new key/cert afther this many days
+key_min_duration=15
+
 # which user owns the certificates (not root)
 certificate_user='http'
diff --git a/rotate-keys.in b/rotate-keys.in
index 0ba3480..724ea24 100644
--- a/rotate-keys.in
+++ b/rotate-keys.in
@@ -46,9 +46,9 @@ if [ "$(whoami)" != "${certificate_user}" ]; then
 for host_key_file in ${host_key_files}; do
 if [ -f "${key_dir}/${host_key_file}.key.new" ] \
 && [ -f "${key_dir}/${host_key_file}.crt.new" ]; then
-if [ "$(stat -c%Y "${key_dir}/${host_key_file}.key.new")" -ge "$(($(date +%s)-60*60*24*30))" ] \
+if [ "$(stat -c%Y "${key_dir}/${host_key_file}.key.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \
 && [ -f "${key_dir}/${host_key_file}.key" ] \
-&& [ "$(stat -c%Y "${key_dir}/${host_key_file}.crt.new")" -ge "$(($(date +%s)-60*60*24*30))" ] \
+&& [ "$(stat -c%Y "${key_dir}/${host_key_file}.crt.new")" -ge "$(($(date +%s)-60*60*24*key_min_duration))" ] \
 && [ -f "${key_dir}/${host_key_file}.crt" ]; then
 continue
 fi
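Review bot: The comment on the added line `# generate new ca key/cert afther this many days` misspells "after"; the same typo is in the cb.conf hunk (`# request new key/cert afther this many days`). Since sign-ca.in multiplies the value by 60*60*24 and compares it against the mtime of the `.new` files, it is worth saying exactly what the number gates, e.g. `# regenerate the CA key/cert once the current .new files are older than this many days` here and, for cb.conf, `# request a new host key/cert once the current .new files are older than this many days` (the host-side wording is inferred from the rotate-keys.in hunk, where a fresh pair leads to `continue`).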
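Review bot: `key_min_duration` is used bare inside `$(( ... ))` on both changed lines without any check that the sourced config actually set it to a number; an unset or empty value evaluates to 0, so the test becomes "mtime >= now", the `continue` is never reached and a new host key/cert is requested on every run (unless the script runs under `set -u`, which is not visible here). The same missing check applies to `ca_min_duration` in the sign-ca.in hunk, where the `-lt` form inverts the effect: with the value unset the CA key and cert would be judged stale and replaced on every run, invalidating whatever was signed with the previous key. Validate once right after the config is read, e.g. `: "${key_min_duration:?key_min_duration must be set in the config}"` followed by `[[ "$key_min_duration" =~ ^[0-9]+$ ]] || exit 1` (use a `case` pattern instead if the script must stay POSIX sh), and the same for `ca_min_duration` in sign-ca.in. The `for` loop whose body these lines belong to continues past the end of the hunk, and the config sourcing is outside it.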
@@ -17,9 +17,9 @@ fi
 if [ -f "${key_dir}/${ca_name}.key.new" ] \
 && [ -f "${key_dir}/${ca_name}.crt.new" ]; then
-if [ "$(stat -c%Y "${key_dir}/${ca_name}.key.new")" -lt "$(($(date +%s)-60*60*24*30))" ] \
+if [ "$(stat -c%Y "${key_dir}/${ca_name}.key.new")" -lt "$(($(date +%s)-60*60*24*ca_min_duration))" ] \
 || [ ! -f "${key_dir}/${ca_name}.key" ] \
-|| [ "$(stat -c%Y "${key_dir}/${ca_name}.crt.new")" -lt "$(($(date +%s)-60*60*24*30))" ] \
+|| [ "$(stat -c%Y "${key_dir}/${ca_name}.crt.new")" -lt "$(($(date +%s)-60*60*24*ca_min_duration))" ] \
 || [ ! -f "${key_dir}/${ca_name}.crt" ]; then
 mv "${key_dir}/${ca_name}.key"{.new,}
 mv "${key_dir}/${ca_name}.crt"{.new,} |