Pass an empty passphrase on the command line for the p12 cert
parent
9d9493af0d
commit
632cb38aab
@ -70,8 +70,9 @@ action :create do
|
||||
action :nothing
|
||||
end
|
||||
|
||||
|
||||
unless node.chef_environment == "development"
|
||||
package "libnss3-tools" # provides pk12util
|
||||
|
||||
cookbook_file "#{Chef::Config[:file_cache_path]}/tls.ldif" do
|
||||
source "tls.ldif"
|
||||
owner "root"
|
||||
@ -87,13 +88,13 @@ action :create do
|
||||
# Merge the full chain and private key into one cert, to import into the
|
||||
# dirsrv dir
|
||||
execute "generate p12 cert" do
|
||||
command "openssl pkcs12 -export -in /etc/letsencrypt/live/#{new_resource.hostname}/fullchain.pem -inkey /etc/letsencrypt/live/#{new_resource.hostname}/privkey.pem -out #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -name 'Server-Cert'"
|
||||
command "openssl pkcs12 -export -in /etc/letsencrypt/live/#{new_resource.hostname}/fullchain.pem -inkey /etc/letsencrypt/live/#{new_resource.hostname}/privkey.pem -out #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -name 'Server-Cert' -passout pass:"
|
||||
action :nothing
|
||||
notifies :run, "execute[import p12 cert]", :immediately
|
||||
end
|
||||
|
||||
execute "import p12 cert" do
|
||||
command "pk12util -i #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -d #{inst_dir}"
|
||||
command "pk12util -i #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -d #{inst_dir} -W ''"
|
||||
action :nothing
|
||||
notifies :run, "execute[add tls config]", :immediately
|
||||
end
|
||||
|
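Review bot: With `-passout pass:` the exported `.p12` under `Chef::Config[:file_cache_path]` holds the Let's Encrypt private key with no passphrase protecting it, and nothing in the visible lines restricts the file's mode or removes it once `pk12util` has imported it. Adding `umask "077"` to `execute "generate p12 cert"` would keep the bundle readable only by the user running the command. The bundle should also be deleted after the import, for example with a `file` resource using `action :delete` that is notified from `execute[import p12 cert]`. The `action :create` block continues outside these hunks, so cleanup may already exist further down; if it does, a short comment beside the `-passout pass:` line pointing to it would help the next reader.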