ℹ️ Info: This script can not be used on its own but requires the base installation. See main README for details.
This script renews certificates issued by a local certificate authority (CA). Optionally the certificates are exported with individual passphrases for easy pick-up.
Just install the script:
The configuration goes to
global-config-overlay, there is just one
CertRenewPass: an array holding individual passphrases for certificates
ℹ️ Info: Copy relevant configuration from
global-config(the one without
-overlay) to your local
global-config-overlayand modify it to your specific needs.
Run the script to renew certificates issued from a local CA.
Only scripts with a remaining lifetime of three weeks or less are renewed.
The old certificate is revoked automatically. If a passphrase for a specific
certificate is given in
CertRenewPass the certificate is exported and
PKCS#12 file (
cert-issued/CN.p12) can be found on device's storage.