Use ceremony tool for generating keys and certs; store keys on SoftHSM

Replace openssl certificate / CRL generation with the tool as used by
Let's Encrypt, storing the keys on SoftHSMv2, a simulated HSM (Hardware
Security Module).
Include migration of old setups where key files were also stored on
disk.
Arjan H
2025-01-31 20:44:48 +01:00
parent 8852d49425
commit 6d72d32398
38 changed files with 2181 additions and 583 deletions


@@ -25,4 +25,10 @@ vrs=$(grep version /opt/labca/data/config.json | sed -e 's/.*:[ ]*//' | sed -e '
rm -rf /opt/labca/data/* && mv $TMPDIR/data/* /opt/labca/data/
sed -i -e "s/\"version\": \".*\"/\"version\": \"$vrs\"/" /opt/labca/data/config.json
[ -d $TMPDIR/webpki ] || (echo "Public CA files backup not found"; exit 1)
rm -rf /opt/boulder/labca/certs/webpki/* && mv $TMPDIR/webpki/* /opt/boulder/labca/certs/webpki/
[ -d $TMPDIR/tokens ] || (echo "SoftHSMv2 tokens folder backup not found"; exit 1)
rm -rf /var/lib/softhsm/tokens/* && mv $TMPDIR/tokens/* /var/lib/softhsm/tokens/
rm -rf $TMPDIR
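Review bot: the `exit 1` in the two new guard lines only terminates the parenthesised subshell, not the script, so when a backup folder is missing the script prints the message and then still runs the following `rm -rf` against the live `webpki` or `softhsm/tokens` directory, destroying the current keys with nothing to restore from. Use a brace group (or `set -e` plus a plain `|| exit 1`) so the failure is fatal, e.g. `[ -d "$TMPDIR/tokens" ] || { echo "SoftHSMv2 tokens folder backup not found" >&2; exit 1; }`. While here, quote `$TMPDIR` in every path and consider restoring into a staging directory and swapping it in only after the `mv` succeeds, so a partial failure does not leave the token store empty.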