nicholas/showcase
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added automation

Browse Source
This commit is contained in:
nicholas
2022-07-19 16:50:40 +00:00
parent 1daa7e29dc
commit aece8a8a1b
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
automation/certificates/internal/README.md
View File

@@ -18,6 +18,6 @@ Then run ./issue.sh at the top level. It will go through each folder and only ex
New certs (ie. issue.sh) will need to be manually approved in OpenXPKI. Afterwards, renew.sh signs the API request with the old cert so OpenXPKI will auto-approve the request (as long as the cert is still valid). Up to 5 certs with the same Subject can be issued at once. the ./renew.sh command can be put into a cron job to automate this task.
## TODO
## Automation
- I would like a way to determine if the cert still has x months/weeks so that I only renew at the last 1 or 2 weeks remaining.
- A cron runs daily to see if any certs are < 10 days until expiry. If they are it renews them, if not it skips. Renewal is automatically approved as the API calls to get the renewed cert from OpenXPKI are signed with the current cert (one of the auto-approval methods) and works as long as the cert is not expired.