2014-04-13 17:15:55 +02:00
|
|
|
#!/bin/sh
|
2014-04-12 11:35:18 +02:00
|
|
|
ICINGA2PKIDIR=@CMAKE_INSTALL_FULL_DATADIR@/icinga2/pki
|
|
|
|
|
|
|
|
|
|
source $ICINGA2PKIDIR/pkifuncs
|
|
|
|
|
|
|
|
|
|
if [ -z "$1" ]; then
|
|
|
|
|
echo "Syntax: $0 <csr-file>" >&2
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
2014-04-12 11:51:18 +02:00
|
|
|
check_pki_dir
|
|
|
|
|
|
2014-04-12 11:35:18 +02:00
|
|
|
csrfile=$1
|
|
|
|
|
|
2014-04-12 11:51:18 +02:00
|
|
|
if [ ! -e "$ICINGA_CA/$csrfile" ]; then
|
2014-04-12 11:35:18 +02:00
|
|
|
echo "The specified CSR file does not exist."
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
2014-04-12 11:51:18 +02:00
|
|
|
pubkfile=${csrfile%.*}
|
2014-04-12 11:35:18 +02:00
|
|
|
|
|
|
|
|
if [ ! -f $ICINGA_CA/ca.crt -o ! -f $ICINGA_CA/ca.key ]; then
|
|
|
|
|
echo "Please build a CA certificate first." >&2
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
[ -f $ICINGA_CA/vars ] && source $ICINGA_CA/vars
|
|
|
|
|
|
2014-04-13 01:59:25 +02:00
|
|
|
openssl x509 -days "$REQ_DAYS" -CA $ICINGA_CA/ca.crt -CAkey $ICINGA_CA/ca.key -req -in $ICINGA_CA/$csrfile -outform PEM -out $ICINGA_CA/$pubkfile.crt -CAserial $ICINGA_CA/serial
|
2014-04-12 11:35:18 +02:00
|
|
|
|
|
|
|
|
# Make an agent bundle file
|
|
|
|
|
mkdir -p $ICINGA_CA/agent
|
|
|
|
|
cp $ICINGA_CA/$pubkfile.crt $ICINGA_CA/agent/agent.crt
|
|
|
|
|
cp $ICINGA_CA/ca.crt $ICINGA_CA/agent/ca.crt
|
2014-04-13 01:59:25 +02:00
|
|
|
tar cz -C $ICINGA_CA/agent/ ca.crt agent.crt | base64 > $ICINGA_CA/$pubkfile.bundle
|
2014-04-12 11:35:18 +02:00
|
|
|
rm -rf $ICINGA_CA/agent
|
2014-04-12 11:51:18 +02:00
|
|
|
|
|
|
|
|
echo "Done. $pubkfile.crt and $pubkfile.bundle files were written."
|
|
|
|
|
exit 0
|
