Last active
September 19, 2024 05:18
-
-
Save johnsimcall/1afbba66181c0c2a7207e815616b213d to your computer and use it in GitHub Desktop.
Cockpit certificate
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### This is a little script to help me install / rotate Cockpit certificates | |
| #!/bin/bash | |
| CERT_PKCS7=$(hostname -f).pkcs7 | |
| CERT_PEM=$(hostname -f).pem | |
| KEY=$(hostname -f).key | |
| DEST=/etc/cockpit/ws-certs.d/$(hostname -f).cert | |
| [ -f $CERT_PKCS7 ] || echo "Certificate file not found: $CERT_PKCS7" | |
| [ -f $KEY ] || echo "Private key file not found: $KEY" | |
| # Convert the PKCS7 data into PEM format | |
| openssl pkcs7 -print_certs -in $CERT_PKCS7 -out $CERT_PEM | |
| # Remove garbage from the PEM file and add the private key to the file so Cockpit can use it | |
| grep -v -e '^$' -e '^subject' -e '^issuer' < $CERT_PEM > $DEST | |
| cat $KEY >> $DEST | |
| # Restart Cockpit | |
| systemctl restart cockpit.service |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### This command generates a Certificate Signing Request (CSR) and accompanying private key | |
| openssl req -newkey rsa:4096 -nodes \ | |
| -subj "/CN=$(hostname -f)" \ | |
| -addext "subjectAltName=DNS:$(hostname -f)" \ | |
| -keyout $(hostname -f).key \ | |
| -out $(hostname -f).csr |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment