From a879ddbb53b8e9eff877f715180f8ea47c47a548 Mon Sep 17 00:00:00 2001
From: B Stack
Date: Thu, 25 Jul 2019 14:16:30 -0400
Subject: fix chain_file name if DN is in a certain format
---
 files/certreq.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
 (limited to 'files')
diff --git a/files/certreq.sh b/files/certreq.sh
index e1638d4..8751b39 100755
--- a/files/certreq.sh
+++ b/files/certreq.sh
@@ -14,6 +14,7 @@
 # 2018-07-30 add error checking on the request and authorization
 # 2018-08-16 update error checking and exit codes
 # 2018-09-10 add CERTREQ_OPENSSL_BIN and CERTREQ_OPENSSL_CONF values, and SAN support
+# 2019-07-25 fix chain_file name if DN is a particular format
 # Usage: in ansible role certreq
 # Microsoft CA cert templates have permissions on them. A user must be able to "enroll" on the template.
 # Reference: ftemplate.sh 2017-10-10x; framework.sh 2017-10-09a
@@ -21,7 +22,7 @@
 # subjectaltname in openssl.cnf https://bgstack15.wordpress.com/2017/05/21/generate-certificate-with-subjectaltname-attributes-in-freeipa/
 # Improve:
 fiversion="2017-10-10x"
-certreqversion="2018-09-10b"
+certreqversion="2019-07-25a"
 usage() { less -F >&2 </dev/null | sed -r -e 's/^.*CN=[A-Za-z0-9]+\.//;' )"
+ # parse the ldap DN for the DCs, if the hostname used in the previous step was not fully qualified
+ echo "${CA_DOMAIN}" | grep -qiE "\/dc=" && CA_DOMAIN="$( "${CERTREQ_OPENSSL_BIN}" x509 -in "${CERTREQ_TEMPFILE}" -noout -issuer 2>/dev/null | tr '/' '\n' | tac | awk -F'=' 'tolower($1) ~ /dc/{printf $2"."}' | sed -r -e 's/\.\s*$//;' )"
 CHAIN_FILE="chain-${CA_DOMAIN}.crt"
 mv -f "${CERTREQ_TEMPFILE}" "${CERTREQ_WORKDIR}/${CHAIN_FILE}" 1>/dev/null 2>&1
-- cgit
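Review bot: CA_DOMAIN is built from the issuer field of the certificate that was just fetched and then goes unchecked into `CHAIN_FILE="chain-${CA_DOMAIN}.crt"` and the `mv -f` target, so an issuer string that matches neither the `CN=` strip nor the new `/dc=` branch can leave slashes, spaces or an empty value in the file name, while the `mv` output is discarded by `1>/dev/null 2>&1`. A guard placed just before the CHAIN_FILE line would stop that, for example `case "${CA_DOMAIN}" in ''|*[!A-Za-z0-9.-]*) echo "unexpected issuer format: ${CA_DOMAIN}" >&2 ; exit 1 ;; esac`, using whichever exit code the script reserves for this step. In the new awk stage, `printf $2"."` uses certificate data as the format string and `/dc/` matches any attribute name that merely contains those letters; `tolower($1) ~ /^dc$/{printf "%s.", $2}` is the tighter form. The hunk header and the start of the first CA_DOMAIN assignment are not visible on this page, so the earlier parsing step is inferred from the fragment that remains.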