Beth
72e4afa255
Reviewed-on: #1 Co-authored-by: Beth <ejparker@actcur.com> Co-committed-by: Beth <ejparker@actcur.com>
36 lines
No EOL
1.3 KiB
Bash
36 lines
No EOL
1.3 KiB
Bash
FQDN=$(hostname -f)
|
|
mkdir -p "/etc/ssl/$FQDN"
|
|
|
|
#get x1 root
|
|
curl -o "/etc/ssl/$FQDN/x1.der" "https://x1.i.lencr.org"
|
|
openssl x509 -inform der -in /etc/ssl/$FQDN/x1.der -out /etc/ssl/$FQDN/x1.pem
|
|
|
|
#get x2 root
|
|
curl -o "/etc/ssl/$FQDN/x2.der" "https://x2.i.lencr.org"
|
|
openssl x509 -inform der -in /etc/ssl/$FQDN/x2.der -out /etc/ssl/$FQDN/x2.pem
|
|
|
|
#get issuer
|
|
openssl x509 -noout -text -in crt.pem | grep i.lencr.org | grep -Po http.+
|
|
issuer=`openssl x509 -noout -text -in /etc/letsencrypt/live/$FQDN/fullchain.pem | grep Issuer | grep Encrypt | grep -Po "(?<=CN=).*" | tr '[:upper:]' '[:lower:]'`
|
|
|
|
curl -o "/etc/ssl/$FQDN/$issuer.der" "https://$issuer.i.lencr.org"
|
|
openssl x509 -inform der -in /etc/ssl/$FQDN/$issuer.der -out /etc/ssl/$FQDN/$issuer.pem
|
|
|
|
|
|
ipa-cacert-manage install "/etc/ssl/$FQDN/x1.pem"
|
|
ipa-cacert-manage install "/etc/ssl/$FQDN/x2.pem"
|
|
ipa-cacert-manage install "/etc/ssl/$FQDN/$issuer.pem"
|
|
|
|
ipa-certupdate
|
|
|
|
if ! [[ -L /var/lib/ipa/certs/httpd.crt ]]
|
|
then
|
|
mv /var/lib/ipa/certs/httpd.crt /var/lib/ipa/certs/httpd.crt.bak
|
|
ln -s /etc/letsencrypt/live/$FQDN/cert.pem /var/lib/ipa/certs/httpd.crt
|
|
fi
|
|
|
|
if ! [[ -L /var/lib/ipa/private/httpd.key ]]
|
|
then
|
|
mv /var/lib/ipa/private/httpd.key /var/lib/ipa/private/httpd.key.bak
|
|
ln -s /etc/letsencrypt/live/$FQDN/privkey.pem /var/lib/ipa/private/httpd.key
|
|
fi |