Commit Graph

167 Commits

Author SHA1 Message Date
Jérémy Dubois fdf9357792 Fix mode of shellpki script in README file when installing it 2022-12-13 19:40:52 +01:00
Jérémy Dubois d04d68f6cb Release 22.12.2 2022-12-13 17:46:50 +01:00
Jérémy Dubois 514cd2e50f Defaults default_crl_days to 2 years instead of 1 2022-12-13 17:43:45 +01:00
Jérémy Dubois 30ef252ff5 Fix ${CRL} and ${CA_DIR} rights so that CRL file can be read by openvpn 2022-12-13 17:41:31 +01:00
Jérémy Dubois e0c29cfcf1 Release 22.12.1 2022-12-02 18:04:11 +01:00
Jérémy Dubois 2afa4ab449 update CHANGELOG 2022-12-02 16:32:22 +01:00
Jérémy Dubois a750b71e05 Fix path variables in cert-expirations.sh 2022-12-02 16:15:18 +01:00
Jérémy Dubois 24249d829c cert-expirations.sh: check CARP state only when checking ca and certs expirations 2022-12-02 15:08:31 +01:00
Jérémy Dubois 7382947fc3 Release 22.12 2022-12-01 16:50:41 +01:00
Jérémy Dubois bd5e02bb87 Use functions in cert-expirations.sh 2022-12-01 16:42:35 +01:00
Jérémy Dubois e33722d440 Improved cert-expirations.sh for better readability of its ouput 2022-12-01 15:35:11 +01:00
Jérémy Dubois 467ea5fe3d update CHANGELOG 2022-09-06 14:36:14 +02:00
Jérémy Dubois 3b3e0b01bf Merge branch 'openssl-pkey' into dev 2022-09-06 14:29:30 +02:00
Jérémy Dubois 34b53e63f2 The key file can be read and written only by the owner 2022-08-31 11:35:12 +02:00
Jérémy Dubois e886ca9549 Update README : how to create or revoke many certificates at once 2022-08-09 15:48:20 +02:00
Jérémy Dubois 5f792272c6 update CHANGELOG file 2022-07-13 11:20:01 +02:00
Brice Waegeneire f58712f2b3 create index.txt.attr file 2022-07-11 11:09:37 +02:00
Jérémy Dubois 754c3455e0 Release 22.04 2022-04-14 17:20:04 +02:00
Jérémy Dubois d614079138 Update CHANGELOG 2022-04-14 17:15:20 +02:00
Jérémy Dubois 7a034a2a17 Some files must be copied to ansible-roles/openvpn 2022-04-14 16:47:33 +02:00
Jérémy Dubois 42de07cb66 Add version to files that will be copied out of this repo so that we easily know if they will need an update 2022-04-14 16:21:38 +02:00
Jérémy Dubois 992fde0930 Precising that the --end-date hour is in UTC +0 2022-04-14 15:53:59 +02:00
Jérémy Dubois 6165ccec6c Generate CRL only if (re)generating CA 2022-04-14 15:51:07 +02:00
Jérémy Dubois 55e02c6a13 Check if CN already exists only after having asked for user password
Otherwise, with "-p", "--replace-existing" and "--non-interactive", with
CA_PASSWORD set but PASSWORD unset, the existing certificate was revoked but
the new one could'nt be created. Now, PASSWORD must be set or the exisiting
certificate won't be revoked
2022-04-14 15:18:57 +02:00
Jérémy Dubois ba2f553ef4 Do not use --password and --password-file together 2022-04-14 15:01:09 +02:00
Mathieu Trossevin 38aac7b137
Use genpkey and pkey instead of genrsa and rsa
genrsa and rsa are being deprecated by OpenSSL and both genpkey and pkey
provides the same functionalities as genrsa and rsa will being more
configurable.
2022-04-06 11:40:17 +02:00
Jérémy Dubois 97f1affa1b Create crl file after init of PKI 2022-04-04 18:13:37 +02:00
Jérémy Dubois 14a65fa42d Change SUFFIX to use human readable date instead of epoch 2022-04-04 17:55:37 +02:00
Jérémy Dubois c76b7a02ca Split show_usage for each subcommand, add --version and --help in addition to version and help, update VERSION 2022-04-04 17:37:20 +02:00
Jérémy Dubois 1fa4ff205e Parse date in ISO format rather than US format 2022-04-04 17:01:19 +02:00
Jérémy Dubois 554f6166c9 Forget to delete a debug line 2022-03-29 18:59:09 +02:00
Jérémy Dubois 85c3324713 Update Copyright 2022-03-29 18:48:45 +02:00
Jérémy Dubois 9f13a42355 Handle the case where --days argument is not a number or a negative one
Before this test, the error was displayed but ignored and the certificate was
still created depending on the default_days value in openssl.cnf
2022-03-29 18:42:28 +02:00
Jérémy Dubois abf6fb131c Do not use --end-date and --days together 2022-03-29 18:20:16 +02:00
Jérémy Dubois 191ba257d9 Fix parsing options when no option is given 2022-03-29 18:19:33 +02:00
Jérémy Dubois e42af2183c Fix --non-interactive behavior: there were still some prompts to the user 2022-03-29 18:18:01 +02:00
Jérémy Dubois a640892ecb Syntax: no space before ":" 2022-03-29 18:17:03 +02:00
Jérémy Dubois 6d71a5a177 Fix end-date format depending on system 2022-03-29 18:15:57 +02:00
Jérémy Dubois 047c6e334a Improve README and show_usage 2022-03-29 18:10:47 +02:00
Jérémy Dubois 5f27702f17 Delete ovpn.conf.example unnecessary here
shellpki alone is not enough to install OpenVPN, and the openvpn role provides
the openvpn server configuration
2022-03-29 18:01:23 +02:00
Jérémy Dubois 50fc8c2d21 README file : delete unnecessary leading spaces 2022-03-22 18:11:17 +01:00
Jérémy Dubois d0c6a55538 README file and show_usage function : replace "cert" with "certificate" 2022-03-22 18:08:57 +01:00
Jérémy Dubois da7809f3c0 Update README file and show_usage function : forgotten information 2022-03-22 18:04:03 +01:00
Jérémy Dubois 4a2e5c93f1 Update README file and show_usage function 2022-03-22 18:01:22 +01:00
Jérémy Lecour d48dc132be fix replace-existing and non-interactive confict 2022-03-14 14:40:50 +01:00
Jérémy Dubois 69db5a80aa More conventional "list" parsing 2022-03-14 11:03:36 +01:00
Jérémy Dubois c92f7a5a7e Change ovpn example file to match the openvpn ansible role and wiki 2022-03-14 10:55:28 +01:00
Jérémy Dubois af24b1469d Add nobind option to client config 2022-03-14 10:55:06 +01:00
Jérémy Lecour e8ced03988 add .ovpn example 2022-03-11 14:12:27 +01:00
Jérémy Lecour 4bb24707b0 simplify "list" options parsing 2022-03-11 14:10:53 +01:00