_keyring_ -> _keystore_
This commit is contained in:
parent
fc0082f6c0
commit
497951c2b6
|
@ -4,29 +4,29 @@ ORIENTDB_ENABLED="{{ orientdb_enabled }}"
|
||||||
RETVAL=0
|
RETVAL=0
|
||||||
|
|
||||||
# Add the CA certificate if it's not already present
|
# Add the CA certificate if it's not already present
|
||||||
keytool -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ java_keyring_letsencrypt_trusted_ca }}
|
keytool -list -keystore {{ java_keystore_file }} -storepass {{ java_keystore_pwd }} -noprompt | grep {{ java_keystore_letsencrypt_trusted_ca }}
|
||||||
RETVAL=$?
|
RETVAL=$?
|
||||||
|
|
||||||
if [ $RETVAL -ne 0 ] ; then
|
if [ $RETVAL -ne 0 ] ; then
|
||||||
keytool -trustcacerts -keystore "{{ java_keyring_file }}" -storepass {{ java_keyring_pwd }} -noprompt -importcert -alias "{{ java_keyring_letsencrypt_trusted_ca }}" -dname "CN={{ ansible_fqdn }}" -file "{{ letsencrypt_acme_certs_dir }}/fullchain"
|
keytool -trustcacerts -keystore "{{ java_keystore_file }}" -storepass {{ java_keystore_pwd }} -noprompt -importcert -alias "{{ java_keystore_letsencrypt_trusted_ca }}" -dname "CN={{ ansible_fqdn }}" -file "{{ letsencrypt_acme_certs_dir }}/fullchain"
|
||||||
fi
|
fi
|
||||||
# Remove the old certificate
|
# Remove the old certificate
|
||||||
keytool -storepass {{ java_keyring_pwd }} -keystore "{{ java_keyring_file }}" -delete -alias "{{ ansible_fqdn }}"
|
keytool -storepass {{ java_keystore_pwd }} -keystore "{{ java_keystore_file }}" -delete -alias "{{ ansible_fqdn }}"
|
||||||
|
|
||||||
# Check if the old certificate is still present. If so, we have a problem. Otherwise, import the new one
|
# Check if the old certificate is still present. If so, we have a problem. Otherwise, import the new one
|
||||||
keytool -list -keystore {{ java_keyring_file }} -storepass {{ java_keyring_pwd }} -noprompt | grep {{ ansible_fqdn }}
|
keytool -list -keystore {{ java_keystore_file }} -storepass {{ java_keystore_pwd }} -noprompt | grep {{ ansible_fqdn }}
|
||||||
RETVAL=$?
|
RETVAL=$?
|
||||||
if [ $RETVAL -ne 0 ] ; then
|
if [ $RETVAL -ne 0 ] ; then
|
||||||
openssl pkcs12 -export -in {{ letsencrypt_acme_certs_dir }}/cert -inkey {{ letsencrypt_acme_certs_dir }}/privkey -CAfile {{ letsencrypt_acme_certs_dir }}/fullchain -name "{{ ansible_fqdn }}" -out /var/tmp/{{ ansible_fqdn }}.p12 -password pass:{{ java_keyring_pwd }}
|
openssl pkcs12 -export -in {{ letsencrypt_acme_certs_dir }}/cert -inkey {{ letsencrypt_acme_certs_dir }}/privkey -CAfile {{ letsencrypt_acme_certs_dir }}/fullchain -name "{{ ansible_fqdn }}" -out /var/tmp/{{ ansible_fqdn }}.p12 -password pass:{{ java_keystore_pwd }}
|
||||||
keytool -importkeystore -srcstorepass {{ java_keyring_pwd }} -deststorepass {{ java_keyring_pwd }} -destkeystore {{ java_keyring_file }} -srckeystore /var/tmp/{{ ansible_fqdn }}.p12 -srcstoretype PKCS12
|
keytool -importkeystore -srcstorepass {{ java_keystore_pwd }} -deststorepass {{ java_keystore_pwd }} -destkeystore {{ java_keystore_file }} -srckeystore /var/tmp/{{ ansible_fqdn }}.p12 -srcstoretype PKCS12
|
||||||
rm -f /var/tmp/{{ ansible_fqdn }}.p12
|
rm -f /var/tmp/{{ ansible_fqdn }}.p12
|
||||||
else
|
else
|
||||||
logger "orientdb letsencrypt hook: the old certificate is still present inside the keystore, aborting."
|
logger "orientdb letsencrypt hook: the old certificate is still present inside the keystore, aborting."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
chmod 440 "{{ java_keyring_file }}"
|
chmod 440 "{{ java_keystore_file }}"
|
||||||
chgrp {{ orientdb_user }} "{{ java_keyring_file }}"
|
chgrp {{ orientdb_user }} "{{ java_keystore_file }}"
|
||||||
|
|
||||||
if [ "$ORIENTDB_ENABLED" == "True" ] ; then
|
if [ "$ORIENTDB_ENABLED" == "True" ] ; then
|
||||||
logger "orientdb letsencrypt hook: shut down orientdb."
|
logger "orientdb letsencrypt hook: shut down orientdb."
|
||||||
|
|
|
@ -50,10 +50,10 @@
|
||||||
{% else %}
|
{% else %}
|
||||||
<parameter value="false" name="network.ssl.clientAuth"/>
|
<parameter value="false" name="network.ssl.clientAuth"/>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<parameter value="{{ java_keyring_file }}" name="network.ssl.keyStore"/>
|
<parameter value="{{ java_keystore_file }}" name="network.ssl.keyStore"/>
|
||||||
<parameter value="{{ java_keyring_pwd }}" name="network.ssl.keyStorePassword"/>
|
<parameter value="{{ java_keystore_pwd }}" name="network.ssl.keyStorePassword"/>
|
||||||
<parameter value="{{ java_keyring_file }}" name="network.ssl.trustStore"/>
|
<parameter value="{{ java_keystore_file }}" name="network.ssl.trustStore"/>
|
||||||
<parameter value="{{ java_keyring_pwd }}" name="network.ssl.trustStorePassword"/>
|
<parameter value="{{ java_keystore_pwd }}" name="network.ssl.trustStorePassword"/>
|
||||||
</parameters>
|
</parameters>
|
||||||
</socket>
|
</socket>
|
||||||
<socket implementation="com.orientechnologies.orient.server.network.OServerTLSSocketFactory" name="https">
|
<socket implementation="com.orientechnologies.orient.server.network.OServerTLSSocketFactory" name="https">
|
||||||
|
@ -63,10 +63,10 @@
|
||||||
{% else %}
|
{% else %}
|
||||||
<parameter value="false" name="network.ssl.clientAuth"/>
|
<parameter value="false" name="network.ssl.clientAuth"/>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<parameter value="{{ java_keyring_file }}" name="network.ssl.keyStore"/>
|
<parameter value="{{ java_keystore_file }}" name="network.ssl.keyStore"/>
|
||||||
<parameter value="{{ java_keyring_pwd }}" name="network.ssl.keyStorePassword"/>
|
<parameter value="{{ java_keystore_pwd }}" name="network.ssl.keyStorePassword"/>
|
||||||
<parameter value="{{ java_keyring_file }}" name="network.ssl.trustStore"/>
|
<parameter value="{{ java_keystore_file }}" name="network.ssl.trustStore"/>
|
||||||
<parameter value="{{ java_keyring_pwd }}" name="network.ssl.trustStorePassword"/>
|
<parameter value="{{ java_keystore_pwd }}" name="network.ssl.trustStorePassword"/>
|
||||||
</parameters>
|
</parameters>
|
||||||
</socket>
|
</socket>
|
||||||
</sockets>
|
</sockets>
|
||||||
|
|
Loading…
Reference in New Issue