🛈 This script can not be used on its own but requires the base installation. See main README for details.
This script renews certificates issued by a local certificate authority (CA). Optionally the certificates are exported with individual passphrases for easy pick-up.
Just install the script:
The configuration goes to
global-config-overlay, there is just one
CertRenewPass: an array holding individual passphrases for certificates
Run the script to renew certificates issued from a local CA.
/ system script run certificate-renew-issued;
Only scripts with a remaining lifetime of three weeks or less are renewed.
The old certificate is revoked automatically. If a passphrase for a specific
certificate is given in
CertRenewPass the certificate is exported and
PKCS#12 file (
cert-issued/CN.p12) can be found on device's storage.