aboutsummaryrefslogtreecommitdiffstats
path: root/check-certificates
diff options
context:
space:
mode:
Diffstat (limited to 'check-certificates')
-rw-r--r--check-certificates11
1 files changed, 10 insertions, 1 deletions
diff --git a/check-certificates b/check-certificates
index 2bf2443..8a06f8b 100644
--- a/check-certificates
+++ b/check-certificates
@@ -49,11 +49,20 @@ $WaitFullyConnected;
/tool/fetch check-certificate=yes-without-crl \
($CertRenewUrl . $CertFileName) dst-path=$CertFileName as-value;
$WaitForFile $CertFileName;
+
+ :local DecryptionFailed true;
:foreach PassPhrase in=$CertRenewPass do={
- /certificate/import file-name=$CertFileName passphrase=$PassPhrase as-value;
+ :local Result [ /certificate/import file-name=$CertFileName passphrase=$PassPhrase as-value ];
+ :if ($Result->"decryption-failures" = 0) do={
+ :set DecryptionFailed false;
+ }
}
/file/remove [ find where name=$CertFileName ];
+ :if ($DecryptionFailed = true) do={
+ $LogPrintExit2 warning $0 ("Decryption failed for certificate file " . $CertFileName) false;
+ }
+
:foreach CertInChain in=[ /certificate/find where name~("^" . $CertFileName . "_[0-9]+\$") common-name!=($CertVal->"common-name") ] do={
$CertificateNameByCN [ /certificate/get $CertInChain common-name ];
}