KAZ/kaz-vagrant
12
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

smallstep au lieu de mkcert dans la vm

Browse Source
This commit is contained in:
Francois Lesueur
2023-05-26 11:36:05 +02:00
parent 4117afd993
commit 41e7591163
6 changed files with 41 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
files/snster-kaz/mica/infra/provision.sh
View File

@ -14,6 +14,11 @@ apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y unbound
cp dns.conf /etc/unbound/unbound.conf.d/
# On place les certifs
if [ -f tls/root_ca.crt ]; then
cp -ar tls/root_ca.crt /usr/local/share/ca-certificates/
/usr/sbin/update-ca-certificates --fresh
fi
# Install smallstep CA / ACME server
cd /tmp
@ -23,7 +28,7 @@ wget "https://dl.smallstep.com/gh-release/certificates/gh-release-header/v0.24.2
dpkg -i step-ca_0.24.2_amd64.deb
echo "password" > /root/ca-passwordfile
step ca init --deployment-type=standalone --name="Kaz CA" --dns="ca.mica.sns" --acme --address=":443" --provisioner="contact@kaz.sns" --password-file="/root/ca-passwordfile" --root="letsencrypt/local/rootCA.pem" --key "letsencrypt/local/rootCA-key.pem"
step ca init --deployment-type=standalone --name="Kaz CA" --dns="ca.mica.sns" --acme --address=":443" --provisioner="contact@kaz.sns" --password-file="/root/ca-passwordfile" --root="${DIR}/tls/root_ca.crt" --key "${DIR}/tls/root_ca_key"
echo -e '#!/bin/sh\nstep-ca --password-file /root/ca-passwordfile' >> /etc/rc.local
chmod +x /etc/rc.local