-rwxr-xr-x | files/certreq.sh | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/files/certreq.sh b/files/certreq.sh
index e1638d4..8751b39 100755
--- a/files/certreq.sh
+++ b/files/certreq.sh
@@ -14,6 +14,7 @@
 # 2018-07-30 add error checking on the request and authorization
 # 2018-08-16 update error checking and exit codes
 # 2018-09-10 add CERTREQ_OPENSSL_BIN and CERTREQ_OPENSSL_CONF values, and SAN support
+# 2019-07-25 fix chain_file name if DN is a particular format
 # Usage: in ansible role certreq
 # Microsoft CA cert templates have permissions on them. A user must be able to "enroll" on the template.
 # Reference: ftemplate.sh 2017-10-10x; framework.sh 2017-10-09a
@@ -21,7 +22,7 @@
 # subjectaltname in openssl.cnf https://bgstack15.wordpress.com/2017/05/21/generate-certificate-with-subjectaltname-attributes-in-freeipa/
 # Improve:
 fiversion="2017-10-10x"
-certreqversion="2018-09-10b"
+certreqversion="2019-07-25a"
 usage() {
 less -F >&2 <<ENDUSAGE
@@ -259,6 +260,8 @@ get_latest_ca_cert_chain() {
 # RENAME TO PROPER FILENAME
 # will read only the first cert, so get domain of issuer of it.
 CA_DOMAIN="$( "${CERTREQ_OPENSSL_BIN}" x509 -in "${CERTREQ_TEMPFILE}" -noout -issuer 2>/dev/null | sed -r -e 's/^.*CN=[A-Za-z0-9]+\.//;' )"
+ # parse the ldap DN for the DCs, if the hostname used in the previous step was not fully qualified
+ echo "${CA_DOMAIN}" | grep -qiE "\/dc=" && CA_DOMAIN="$( "${CERTREQ_OPENSSL_BIN}" x509 -in "${CERTREQ_TEMPFILE}" -noout -issuer 2>/dev/null | tr '/' '\n' | tac | awk -F'=' 'tolower($1) ~ /dc/{printf $2"."}' | sed -r -e 's/\.\s*$//;' )"
 CHAIN_FILE="chain-${CA_DOMAIN}.crt"
 mv -f "${CERTREQ_TEMPFILE}" "${CERTREQ_WORKDIR}/${CHAIN_FILE}" 1>/dev/null 2>&1 |
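Review bot: In the added `awk` stage of the third hunk, `printf $2"."` uses the DC value read from the downloaded certificate's issuer as the printf format string, so a `%` in that value is interpreted instead of printed; `awk -F'=' 'tolower($1) == "dc" {printf "%s.", $2}'` prints it literally and also stops the unanchored `/dc/` from matching other attribute names. The resulting `CA_DOMAIN` is still certificate content that goes straight into `CHAIN_FILE` and the `mv` target, so it is worth rejecting an empty value or anything outside `[A-Za-z0-9.-]` before the rename, for example `case "${CA_DOMAIN}" in ''|*[!A-Za-z0-9.-]*) CA_DOMAIN="unknown" ;; esac`. The `/dc=` test assumes the slash-separated issuer layout; presumably an OpenSSL build that prints a comma-separated DN would skip this branch, which should be confirmed against the `CERTREQ_OPENSSL_BIN` versions in use. get_latest_ca_cert_chain starts and ends outside the hunk.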