Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jirutka/cesnet-tcs-cli

CLI client utility for CESNET TCS API
https://github.com/jirutka/cesnet-tcs-cli

certificates cesnet cesnet-tcs shell utility

Last synced: 3 months ago
JSON representation

CLI client utility for CESNET TCS API

Host: GitHub
URL: https://github.com/jirutka/cesnet-tcs-cli
Owner: jirutka
License: mit
Created: 2019-05-08T17:19:44.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2021-06-16T12:04:47.000Z (over 3 years ago)
Last Synced: 2024-06-20T11:58:19.155Z (7 months ago)
Topics: certificates, cesnet, cesnet-tcs, shell, utility
Language: Shell
Homepage: https://github.com/jirutka/cesnet-tcs-cli
Size: 74.2 KB
Stars: 5
Watchers: 5
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.adoc
- License: LICENSE

Awesome Lists containing this project

README

        = CESNET TCS CLI

:name: cesnet-tcs-cli

:version: 0.4.0

:gh-name: jirutka/{name}

This project provides CLI utility `cesnet-tcs` for requesting and fetching server certificates from https://tcs.cesnet.cz/en/[CESNET TCS] using https://pki.cesnet.cz/cs/tcs-api-documentation.html[TCS API].

It also provides ready-made cron scripts for complete automation of the certificates renewal before expiration.

== Requirements

* http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html[POSIX-sh] compatible shell (e.g. Busybox ash, dash, ZSH, bash, …)

* `grep`, `sed`, `tr` (both GNU and Busybox)

* `curl`

* `openssl` (≥ 1.1.1 if you use subject alternative names)

== Installation

NOTE: The project’s link:Makefile[] supports standard GNU variables such as `DESTDIR`, `prefix`, `bindir`…

=== On Alpine Linux

[source, sh, subs="verbatim, attributes"]

apk add {name}

ln -s /usr/bin/cesnet-tcs-fetch-issued /etc/periodic/hourly/

ln -s /usr/bin/cesnet-tcs-renew /etc/periodic/daily/

=== From git

[source, sh, subs="verbatim, attributes"]

----

git clone -b v{version} https://github.com/{gh-name}.git

cd {name}

make install

make install-cron

----

=== From Tarball

[source, sh, subs="verbatim, attributes"]

----

wget https://github.com/{gh-name}/archive/v{version}/{name}-{version}.tar.gz

tar -xzf {name}-{version}.tar.gz

cd {name}-{version}

make install

make install-cron

----

== Usage

See `--help` of link:cesnet-tcs#L3[cesnet-tcs], link:cesnet-tcs-fetch-issued#L3[cesnet-tcs-fetch-issued], link:cesnet-tcs-renew#L3[cesnet-tcs-renew] and comments in link:cesnet-tcs.conf[].

.*Typical workflow in a nutshell:*

. Request a new certificate using `cesnet-tcs req my.example.org`

. Once the request is approved and the certificate issued, the `cesnet-tcs-fetch-issued` cron script will automatically fetch it and store in `/etc/ssl/cesnet`.

. Two weeks before the certificate’s expiration date the `cesnet-tcs-renew` cron script will automatically request a new one. _goto 2_

== Files and Directories

link:cesnet-tcs[/usr/bin/cesnet-tcs]::

  Requests a certificate or fetches the issued certificate from CESNET TCS.

link:cesnet-tcs-fetch-issued[/usr/bin/cesnet-tcs-fetch-issued] (<– /etc/periodic/hourly/cesnet-tcs-fetch-issued)::

  Checks pending certificate requests in `$spool_dir` footnote:[`cesnet-tcs req` writes theres file for each requested certificate.] and fetches all that are already issued.

  Afterwards runs `$post_fetch_script` with domain names of the fetched certificates as arguments, if there are some.

  This script is supposed to be run periodically by cron.

link:cesnet-tcs-renew[/usr/bin/cesnet-tcs-renew] (<– /etc/periodic/daily/cesnet-tcs-renew)::

  Checks all certificates in `$certs_dir` and for each that is _N_ days to expire (_N_ is specified by `$renew_days_before`) sends a new certificate request to CESNET TCS.

  This script is supposed to be run periodically by cron.

link:cesnet-tcs.conf[/etc/cesnet-tcs/cesnet-tcs.conf]::

  Configuration file in shell syntax for all the above scripts.

link:post-fetch.sh[/etc/cesnet-tcs/post-fetch.sh]::

  A hook script that is executed by `cesnet-tcs-fetch-issued` after it fetches some new certificate(s).

/etc/ssl/cesnet::

  Directory where certificates and keys are stored.

  The location can be changed by `$certs_dir` and `$keys_dir` config variables.

/var/spool/cesnet-tcs::

  Directory where IDs of the sent certificate requests are stored.

  The location can be changed by `$spool_dir` config variable.

NOTE: All paths correspond to installation with `prefix=/usr`.

== License

This project is licensed under http://opensource.org/licenses/MIT[MIT License].

For the full text of the license, see the link:LICENSE[LICENSE] file.