summaryrefslogtreecommitdiff
path: root/src/helpers/simple-download.py
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-10-06 20:13:56 +0200
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-10-07 15:10:09 +0000
commit195a1feec400e7159290479c23c0176774a9eccf (patch)
tree9800f96c1ebaceea400e55a147e256110d496669 /src/helpers/simple-download.py
parent3e7cc03b4608196a0989e6af6ad65748b69f0672 (diff)
downloadvyos-1x-mergify/bp/circinus/pr-4118.tar.gz
vyos-1x-mergify/bp/circinus/pr-4118.zip
pki: T6481: auto import ACME certificate chain into CLImergify/bp/circinus/pr-4118
When using an ACME based certificate with VyOS we provide the necessary PEM files opaque in the background when using the internal tools. This however will not properly work with the CA chain portion, as the system is based on the "pki certificate <name> acme" CLI node of a certificate but CA chains reside under "pki ca". This adds support for importing the PEM data of a CA chain issued via ACME into the "pki ca AUTOCHAIN_<name> certificate" subsystem so it can be queried by other daemons. Importing the chain only happens, when the chain was not already added manually by the user. ACME certificate chains that are automatically added to the CLI are all prefixed using AUTOCHAIN_certname so they can be consumed by any daemon. This also adds a safeguard when the intermediate CA changes, the referenced name on the CLI stays consitent for any pending daemon updates. (cherry picked from commit 875764b07f937fc599e2e62c667e7b811ddc2ed3)
Diffstat (limited to 'src/helpers/simple-download.py')
0 files changed, 0 insertions, 0 deletions