Add cert renewal to security settings
This commit is contained in:
Bob Mottram
parent
5c8633fd60
commit
6b0a1fc97f
|
|
@ -313,7 +313,7 @@ Now visit your web site at https://mydomainname.com and you should notice that t
|
|||
* How do I renew a StartSSL certificate?
|
||||
The StartSSL certificates last for a year. You can check the expiry date of your current certificate/s by going to your site and if you're using Firefox then click on the *lock icon*, select "*more information*" then "*view certificate*".
|
||||
|
||||
Before changing any certificates it's a good idea to make a backup of the existing system. Plug in a USB drive, log into the Freedombone and become the root user, then run the command *backup*. Backing up may take a while, but it ensures that if anything goes wrong and you mess up the certificates then there is a way to restore the previous ones.
|
||||
Before changing any certificates it's a good idea to make a backup of the existing system. Use /Backup and Restore/ from the control panel to make a backup of the system to a USB drive. Backing up may take a while, but it ensures that if anything goes wrong and you mess up the certificates then there is a way to restore the previous ones.
|
||||
|
||||
Make sure that you have the StartSSL certificate which was created when you initially made an account. You did save it somewhere safe, didn't you? If it's not installed into your browser then in Firefox go to *Menu/Preferences/Advanced/View Certificates*. Make sure the "*Your Cerificates*" tab is selected and click "*import*", then import the StartSSL certificate.
|
||||
|
||||
|
|
@ -326,7 +326,7 @@ Log in to the Freedombone, become the root user, then issue the renew command:
|
|||
#+BEGIN_SRC bash
|
||||
ssh username@mydomainname -p 2222
|
||||
su
|
||||
freedombone-renew-cert -h mydomainname
|
||||
freedombone-renew-cert -h mydomainname -p startssl
|
||||
#+END_SRC
|
||||
|
||||
For the email address it's a good idea to use /postmaster@mydomainname/.
|
||||
|
|
|
|||
|
|
@ -375,13 +375,32 @@ function regenerate_dh_keys {
|
|||
fi
|
||||
}
|
||||
|
||||
function renew_startssl {
|
||||
data=$(tempfile 2>/dev/null)
|
||||
trap "rm -f $data" 0 1 2 5 15
|
||||
dialog --title "Renew a StartSSL certificate" \
|
||||
--backtitle "Freedombone Security Settings" \
|
||||
--inputbox "Enter the domain name" 8 60 2>$data
|
||||
sel=$?
|
||||
case $sel in
|
||||
0)
|
||||
renew_domain=$(<$data)
|
||||
if [[ $renew_domain == *"."* ]]; then
|
||||
freedombone-renew-cert -h $renew_domain -p startssl
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
exit 0
|
||||
}
|
||||
|
||||
function housekeeping {
|
||||
cmd=(dialog --separate-output \
|
||||
--backtitle "Freedombone Security Configuration" \
|
||||
--title "Housekeeping options" \
|
||||
--checklist "If you don't need to do any of these things then just press Enter:" 10 76 16)
|
||||
options=(1 "Regenerate ssh host keys" off
|
||||
2 "Regenerate Diffie-Hellman keys" off)
|
||||
2 "Regenerate Diffie-Hellman keys" off
|
||||
3 "Renew a StartSSL certificate" off)
|
||||
choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
|
||||
clear
|
||||
for choice in $choices
|
||||
|
|
@ -393,6 +412,9 @@ function housekeeping {
|
|||
2)
|
||||
REGENERATE_DH_KEYS="yes"
|
||||
;;
|
||||
3)
|
||||
renew_startssl
|
||||
;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue