vpnmain.cgi: Add option to regenerate the host certificate

This is necessary since we now have a much shorter lifetime for the host certificate. However, it is complicated to do this is which is why we are copying the previous certificate and generate a new CSR. This is then signed. A caveat of this patch is that we do not rollover the key. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-27 19:23:24 +02:00 · 2024-01-30 17:45:44 +00:00
parent aa07e1bb3e
commit 9f01011570
13 changed files with 72 additions and 1 deletions
--- a/config/ssl/openssl.cnf
+++ b/config/ssl/openssl.cnf
@@ -23,6 +23,7 @@ default_md	= sha256
 preserve	= no
 policy		= policy_match
 email_in_dn	= no
+copy_extensions = copyall

 [ policy_match ]
 countryName		= optional