@TinCanTech TinCanTech commented Nov 15, 2024

Introduce simple CA renewal.

@TinCanTech TinCanTech self-assigned this Nov 15, 2024
@TinCanTech TinCanTech added enhancement development Possible changes ChangeLog Item easyrsa-tools.lib renew I cannot go back; No. But if you could, would you really want to? Version 3.2.2-Release labels Nov 15, 2024
Sign a new CA certificate from the original CA private key.
Support all options provided by Easy-RSA, e.g. 'critical' attribute.

The code is very similar to the standard 'build-ca' command, without
the generation of a new private key.

The new CA certificate will replace the old one.
The old certificate is kept in a list of expired CA certificates:
This new file is 'pki/exipred-ca-cert.list'

The final replacement of the old CA is guarded by a confirmation.
If the confirmation fails then all new data is discarded.

easyrsa: Integrate 'renew-ca' into command selection

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech TinCanTech removed the development Possible changes label Nov 26, 2024
@TinCanTech TinCanTech added this to the v3.2.2 milestone Nov 26, 2024
@TinCanTech TinCanTech linked an issue Nov 26, 2024 that may be closed by this pull request
@TinCanTech TinCanTech merged commit 62c3236 into OpenVPN:master Nov 27, 2024
4 checks passed
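
What the commit message describes, reduced to plain `openssl` calls as an added example (not Easy-RSA's code and not part of this pull request): a CA certificate re-signed from the original private key keeps its subject and public key, so certificates issued before the renewal still verify against the new CA certificate. The `Demo CA` and `client1` names, the file names and the lifetimes are constructed for illustration.

```shell
# Added example (not Easy-RSA code); names, paths, lifetimes are constructed. Needs openssl.

# Minimal config, so the run does not depend on the system openssl.cnf.
write_cfg() {
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
}

# Self-sign a CA certificate from the existing key. Args: DIR OUTFILE DAYS
sign_ca_cert() {
    openssl req -new -x509 -config "$1/demo.cnf" -extensions v3_ca \
        -key "$1/ca.key" -days "$3" -out "$1/$2"
}

new_key() { openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out "$1" 2>/dev/null; }
# Original CA (fresh key, short lifetime) and one leaf certificate issued by it.
build_pki() {
    write_cfg "$1" && new_key "$1/ca.key" && sign_ca_cert "$1" ca.crt 30 &&
    new_key "$1/leaf.key" &&
    openssl req -new -config "$1/demo.cnf" -subj "/CN=client1" \
        -key "$1/leaf.key" -out "$1/leaf.csr" &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/leaf.crt" 2>/dev/null
}

# Renewal: same key, same subject, new certificate with a later expiry.
renew_ca() { sign_ca_cert "$1" ca-renewed.crt 3650; }

pubkey_of() { openssl x509 -in "$1" -noout -pubkey; }
leaf_trusts() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }   # Args: CA LEAF

demo() {
    d=$(mktemp -d) && build_pki "$d" && renew_ca "$d" || return 1
    [ "$(pubkey_of "$d/ca.crt")" = "$(pubkey_of "$d/ca-renewed.crt")" ] &&
        echo "renewed CA certificate carries the same public key"
    leaf_trusts "$d/ca-renewed.crt" "$d/leaf.crt" &&
        echo "leaf issued before renewal verifies against the renewed CA"
    rm -rf "$d"
}
demo
```

Leaf certificates whose authorityKeyIdentifier records the issuer name and serial number, rather than only the key identifier, are tied to the old CA certificate's serial and will not chain to a renewed certificate that has a different serial.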
Successfully merging this pull request may close these issues.

Renew CA/sub-CA