Differences
This shows you the differences between two versions of the page.
en:utility-scripts:pfxexx [2025/03/14 12:06] – Webmaster VitaNetworks | en:utility-scripts:pfxexx [2025/03/14 15:46] (current) – Webmaster VitaNetworks | ||
---|---|---|---|
Line 4: | Line 4: | ||
===== Background ====== | ===== Background ====== | ||
+ | |||
The ACME client on OPNsense has a lot of useful utilities (such as installing certificates on Synology' | The ACME client on OPNsense has a lot of useful utilities (such as installing certificates on Synology' | ||
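Review bot: the Background heading on the context line just above the added blank line opens with five equals signs and closes with six ("===== Background ======"). Since this revision already touches the spacing here, balance the markers so the heading matches the other level-five headings on the page, such as "===== Installation =====".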
Line 12: | Line 13: | ||
The original idea for this was to add an automation per certificate so the process would focus only on that certificate, | The original idea for this was to add an automation per certificate so the process would focus only on that certificate, | ||
- | The ACME plugin creates a random directory under ''/ | + | The ACME plugin creates a random directory under ''/ |
- | + | ||
- | So instead the script will list the subdirectories of ''/ | + | |
+ | So instead the script will: | ||
+ | 1. Find subdirectories of: | ||
+ | 1.1 ''/ | ||
+ | 1.1.1 '' | ||
+ | 1.1.2 '' | ||
+ | 1.2 ''/ | ||
+ | 1.2.1 '' | ||
+ | 2. If all files are found under the matching directory name, it will proceed to decode the common name (cn) value of the certificate | ||
+ | 3. It will retrieve the passphrase stored in the file referenced by variable '' | ||
+ | 4. Using the CN value, and the password from pfile; it will create a new PFX file in ''/ | ||
===== Installation ===== | ===== Installation ===== | ||
- | | ||
+ | There' | ||
+ | |||
+ | ''/ | ||
+ | |||
+ | You don't need to transfer files to the firewall, as out sites allow hotlinking, you can just use curl to get the script if you please. Additionally, | ||
+ | |||
+ | Assuming you'll be downloading to ''/ | ||
+ | 1. Create a save location if it doesn' | ||
+ | mkdir -p ''/ | ||
+ | The command above does nothing if the directory already exists. | ||
+ | 2. Download: | ||
+ | curl -o < | ||
+ | <code bash> | ||
+ | curl -o / | ||
+ | </ | ||
+ | |||
+ | ===== Options/ | ||
+ | |||
+ | Neither of the only two options affect how the script works, they only affect the amount of '' | ||
+ | |||
+ | ==== --unmute ==== | ||
+ | |||
+ | The script normally discards all output to avoid slowing down firewalls and reduce wearing of flash storage. This option eliminates the discarding of the minimal data it would otherwise output. | ||
+ | |||
+ | ==== --debug ==== | ||
+ | |||
+ | This is for testing the script itself, not so much about certificates. Pretty much a useless option for most people. | ||
+ | |||
+ | ===== Requirements ===== | ||
+ | |||
+ | The script must be edited or at least review to verify the variables are correct at least reviewed edite hard-coded with the variab | ||
- | <code bash pfxexx> | + | <code bash [enable_line_numbers=" |
# | # | ||
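Review bot: the sentence added under Requirements was saved mid-edit and cannot be followed as written ("to verify the variables are correct at least reviewed edite hard-coded with the variab"). Finish it and name the variables a user has to check before the first run, including the one that points at the passphrase file used in step 3. In the Installation text, "as out sites allow hotlinking" should read "our sites". Because the script is fetched with curl straight onto the firewall, publish a checksum next to the download link and tell readers to compare it and read the script before running it. The same section should say what ownership and permissions the passphrase file is expected to have. On formatting, the mkdir line in step 1 starts its monospace markup after the command name, and the first curl line in step 2 sits outside the code block used for the second one, so both commands belong in code blocks. The hand-numbered steps (1., 1.1, 1.1.1) would render more reliably as a wiki ordered list. Finally, "Neither of the only two options affect" should be "Neither of the two options affects".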