commit issue.sh

automation/certificates/internal/manios.ca/issue.sh

@@ -0,0 +1,30 @@
+#!/bin/sh
+
+# loop through the directories
+for hostDir in */ ; do
+	echo "Entering ${hostDir}";
+	
+	# get the current CAs
+	(cd "${hostDir}" && sscep getca -f issue.cnf);
+	
+	# if there is a cert present, then we likely want to renew
+	if test -f "${hostDir}/crt.pem"; then
+		echo "Cert already exists in ${hostDir}crt.pem, do you mean to renew?";
+	else
+		echo "Issuing certificate in ${hostDir}";
+		
+		# generate a new key and csr
+		(cd "${hostDir}" && ./gen.sh);
+		
+		# make the cert issue request
+		(cd "${hostDir}" && sscep enroll -f issue.cnf);
+		
+		# make a full chain cert file
+		(cd "${hostDir}" && cat crt.pem ca.pem-1 ca.pem-2 > fullchain.pem);
+		
+		echo "Copying the current cert to the 'prev' directory for future renews";
+		
+		# copy this cert +key into the prev folder
+		(cd "${hostDir}" && cp crt.pem prev/crt.pem && cp key.pem prev/key.pem);
+	fi;
+done;