Skip to content
Snippets Groups Projects
Commit c6866d13 authored by Pierre Ozoux's avatar Pierre Ozoux
Browse files

Adds OCSP support. closes #2

parent fd9ca7f6
No related merge requests found
#!/bin/bash -eux
PEM_FILE=${1}
CRT_FILE=/tmp/`basename ${PEM_FILE} | sed 's/pem/crt/'`
DIR=`dirname ${PEM_FILE}`
URL=`openssl x509 -in ${PEM_FILE} -text | grep OCSP | cut -d: -f2,3`
HEADER=`echo $URL | cut -d/ -f3`
ISSUER_CRT_URL=`openssl x509 -in ${PEM_FILE} -text | grep Issuers | cut -d: -f2,3`
wget ${ISSUER_CRT_URL} -q -O - | openssl x509 -inform DER -outform PEM > ${PEM_FILE}.issuer
openssl x509 -outform PEM -in ${PEM_FILE} > ${CRT_FILE}
openssl ocsp -noverify -issuer ${PEM_FILE}.issuer -cert ${CRT_FILE} -url ${URL} -no_nonce -header Host ${HEADER} -respout ${PEM_FILE}.ocsp
[Unit]
Description=Get the OCSP data from the cert provider
[Service]
Type=oneshot
TimeoutStartSec=0
ExecStart=/bin/bash -euxc ' \
for cert in `ls /data/runtime/haproxy/approved-certs/*.pem`;do \
/data/indiehosters/scripts/ocsp.sh $cert; \
done'
[Unit]
Description=Daily timer for OCSP stapling
[Timer]
OnUnitActiveSec=1day
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment