From 632cb38aab258a82c064cf44565765be0180dde5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Wed, 4 Dec 2019 17:32:40 +0100 Subject: [PATCH] Pass an empty passphrase on the command line for the p12 cert --- site-cookbooks/kosmos-dirsrv/resources/instance.rb | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/site-cookbooks/kosmos-dirsrv/resources/instance.rb b/site-cookbooks/kosmos-dirsrv/resources/instance.rb index fd8ee07..03a6da3 100644 --- a/site-cookbooks/kosmos-dirsrv/resources/instance.rb +++ b/site-cookbooks/kosmos-dirsrv/resources/instance.rb @@ -70,8 +70,9 @@ action :create do action :nothing end - unless node.chef_environment == "development" + package "libnss3-tools" # provides pk12util + cookbook_file "#{Chef::Config[:file_cache_path]}/tls.ldif" do source "tls.ldif" owner "root" @@ -87,13 +88,13 @@ action :create do # Merge the full chain and private key into one cert, to import into the # dirsrv dir execute "generate p12 cert" do - command "openssl pkcs12 -export -in /etc/letsencrypt/live/#{new_resource.hostname}/fullchain.pem -inkey /etc/letsencrypt/live/#{new_resource.hostname}/privkey.pem -out #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -name 'Server-Cert'" + command "openssl pkcs12 -export -in /etc/letsencrypt/live/#{new_resource.hostname}/fullchain.pem -inkey /etc/letsencrypt/live/#{new_resource.hostname}/privkey.pem -out #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -name 'Server-Cert' -passout pass:" action :nothing notifies :run, "execute[import p12 cert]", :immediately end execute "import p12 cert" do - command "pk12util -i #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -d #{inst_dir}" + command "pk12util -i #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -d #{inst_dir} -W ''" action :nothing notifies :run, "execute[add tls config]", :immediately end
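Review bot: In the second hunk, `-passout pass:` exports the Let's Encrypt private key into a `.p12` under `Chef::Config[:file_cache_path]` with an empty passphrase, so the key is protected only by the file's mode, and nothing visible here restricts that mode or removes the bundle once `pk12util` has imported it. I would add `umask "0077"` to the `execute "generate p12 cert"` resource and have the import step notify a `file` resource for the same path with `action :delete`. If a real passphrase is wanted later, it could be read from a root-only file through `-passout file:` and pk12util's `-w` option instead of being placed on the command line. The enclosing `action :create do` block starts and ends outside the hunk, and the chain continues to `execute[add tls config]`, so cleanup may already happen there; please confirm.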