From d08a342f06e268ef06e49f98e989db4ca26ec946 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 27 Mar 2020 21:40:35 +0100 Subject: add doc/certificate-renew-issued.md --- doc/certificate-renew-issued.md | 47 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 doc/certificate-renew-issued.md (limited to 'doc') diff --git a/doc/certificate-renew-issued.md b/doc/certificate-renew-issued.md new file mode 100644 index 0000000..e460ce1 --- /dev/null +++ b/doc/certificate-renew-issued.md @@ -0,0 +1,47 @@ +Renew locally issued certificates +================================= + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script renews certificates issued by a local certificate authority (CA). +Optionally the certificates are exported with individual passphrases for +easy pick-up. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate certificate-renew-issued; + +Configuration +------------- + +The configuration goes to `global-config-overlay`, there is just one +parameter: + +* `CertRenewPass`: an array holding individual passphrases for certificates + +Usage and invocation +-------------------- + +Run the script to renew certificates issued from a local CA. + + / system script run certificate-renew-issued; + +Only scripts with a remaining lifetime of three weeks or less are renewed. +The old certificate is revoked automatically. If a passphrase for a specific +certificate is given in `CertRenewPass` the certificate is exported and +PKCS#12 file (`cert-issued/CN.p12`) can be found on device's storage. + +See also +-------- + +* [Renew certificates and notify on expiration](check-certificates.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) -- cgit v1.2.3-54-g00ecf