2020-07-30 07:50:30 +00:00
|
|
|
echo $VAULT_ADDR $VAULT_TOKEN
|
|
|
|
|
|
|
|
|
|
curl --request POST --data '{"key": "'$VAULT_UNSEAL_KEY1'"}' $VAULT_ADDR/v1/sys/unseal
|
|
|
|
|
curl --request POST --data '{"key": "'$VAULT_UNSEAL_KEY2'"}' $VAULT_ADDR/v1/sys/unseal
|
|
|
|
|
curl --request POST --data '{"key": "'$VAULT_UNSEAL_KEY3'"}' $VAULT_ADDR/v1/sys/unseal
|
|
|
|
|
|
|
|
|
|
CERTNAME=$(hostname).{{local_domainname}}
|
|
|
|
|
curl --header "X-Vault-Token: $VAULT_TOKEN" \
|
|
|
|
|
--request POST \
|
|
|
|
|
--data '{"common_name": "'$CERTNAME'", "ttl": "43800h"}' \
|
2020-08-25 15:15:38 +00:00
|
|
|
$VAULT_ADDR/v1/rootca_store/issue/{{vaultStoreRole}} > certificateResult.txt
|
2020-07-30 07:50:30 +00:00
|
|
|
|
|
|
|
|
jq .data.private_key certificateResult.txt | sed "s/\"//g" | sed "s/\\\n/\n/g" > cert.pem
|
|
|
|
|
jq .data.certificate certificateResult.txt | sed "s/\"//g" | sed "s/\\\n/\n/g" > cert.crt
|
2020-12-15 02:07:26 +00:00
|
|
|
|
|
|
|
|
jq .data.ca_chain certificateResult.txt | sed "s/\"//g" | sed "s/\\\n/\n/g" > ca.crt.tmp
|
|
|
|
|
jq .data.issuing_ca certificateResult.txt | sed "s/\"//g" | sed "s/\\\n/\n/g" >> ca.crt.tmp
|
|
|
|
|
jq .data.ca_chain[0] certificateResult.txt | sed "s/\"//g" | sed "s/\\\n/\n/g" >> ca.crt.tmp
|
|
|
|
|
jq .data.ca_chain[1] certificateResult.txt | sed "s/\"//g" | sed "s/\\\n/\n/g" >> ca.crt.tmp
|
|
|
|
|
grep ca.crt.tmp -v -e null > ca.crt
|
2020-07-30 07:50:30 +00:00
|
|
|
|
|
|
|
|
mv cert.pem /etc/ssl/private/$(hostname).{{local_domainname}}.key
|
|
|
|
|
mv cert.crt /etc/ssl/certs/$(hostname).{{local_domainname}}.crt
|
2020-08-25 12:43:35 +00:00
|
|
|
mv ca.crt /etc/ssl/certs/{{local_domainname}}-CA-chain.crt
|
2020-07-30 07:50:30 +00:00
|
|
|
|
2020-08-25 10:37:33 +00:00
|
|
|
|
2020-12-15 02:07:26 +00:00
|
|
|
#rm certificateResult.txt
|
