XOS>> cert_checker>> 返回
项目作者: junkb

项目描述 :
check certificates for expiration, and renew if needed
高级语言: Shell
项目地址: git://github.com/junkb/cert_checker.git
创建时间: 2017-02-01T14:56:33Z
项目社区:https://github.com/junkb/cert_checker
开源协议:GNU General Public License v3.0
下载


depends on:

small set of utilities to check certificate expiration and, if necesary, request a new certificate

expects certain conventions as set forth in the comments

  1. create a service/system account:
  1. export service_username='certfetcher'
  2. useradd --system --user-group --shell /bin/bash --create-home --home "/var/lib/${service_username}" --comment 'pki certificate fetcher' "${service_username}"
  3. unset service_username
  1. make the necessary sudo adjustments to allow the service acount to reload/restart the appropriate services

follow the process/steps outlined in initial_setup/initial_setup-root for environment prep as root

follow the process/steps outlined in initial_setup/initial_setup-service_user for environment prep as the service user

for creation/request of the initial certificate, use gen_csr and req_cert

for sample web server config, see initial_setup/example_config-httpd.

for sample crontab entry, see initial_setup/sample_crontab. this should be placed in the service user’s crontab. not root.