Pass an empty passphrase on the command line for the p12 cert

2019-12-04 17:32:40 +01:00 · 2019-12-04 17:32:40 +01:00 · 632cb38aab
commit 632cb38aab
parent 9d9493af0d
1 changed files with 4 additions and 3 deletions
--- a/site-cookbooks/kosmos-dirsrv/resources/instance.rb
+++ b/site-cookbooks/kosmos-dirsrv/resources/instance.rb
@ -70,8 +70,9 @@ action :create do
    action :nothing
  end

-
  unless node.chef_environment == "development"
+    package "libnss3-tools" # provides pk12util
+
    cookbook_file "#{Chef::Config[:file_cache_path]}/tls.ldif" do
      source "tls.ldif"
      owner "root"
@ -87,13 +88,13 @@ action :create do
    # Merge the full chain and private key into one cert, to import into the
    # dirsrv dir
    execute "generate p12 cert" do
-      command "openssl pkcs12 -export -in /etc/letsencrypt/live/#{new_resource.hostname}/fullchain.pem -inkey /etc/letsencrypt/live/#{new_resource.hostname}/privkey.pem -out #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -name 'Server-Cert'"
+      command "openssl pkcs12 -export -in /etc/letsencrypt/live/#{new_resource.hostname}/fullchain.pem -inkey /etc/letsencrypt/live/#{new_resource.hostname}/privkey.pem -out #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -name 'Server-Cert' -passout pass:"
      action :nothing
      notifies :run, "execute[import p12 cert]", :immediately
    end

    execute "import p12 cert" do
-      command "pk12util -i #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -d #{inst_dir}"
+      command "pk12util -i #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -d #{inst_dir} -W ''"
      action :nothing
      notifies :run, "execute[add tls config]", :immediately
    end