Browse Source

Merge "Always update the local certmonger ca cert"

changes/04/785404/1
Zuul 1 week ago
committed by Gerrit Code Review
parent
commit
12ef7e9632
1 changed files with 3 additions and 5 deletions
  1. +3
    -5
      deployment/haproxy/haproxy-public-tls-certmonger.yaml

+ 3
- 5
deployment/haproxy/haproxy-public-tls-certmonger.yaml View File

@ -95,11 +95,9 @@ outputs:
shell: |
set -e
ca_pem='/etc/pki/ca-trust/source/anchors/cm-local-ca.pem'
if ! { test -e ${ca_pem} && openssl x509 -checkend 0 -noout -in ${ca_pem}; }; then
openssl pkcs12 -in /var/lib/certmonger/local/creds -out ${ca_pem} -nokeys -nodes -passin pass:''
chmod 0644 ${ca_pem}
update-ca-trust extract
fi
openssl pkcs12 -in /var/lib/certmonger/local/creds -out ${ca_pem} -nokeys -nodes -passin pass:''
chmod 0644 ${ca_pem}
update-ca-trust extract
test -e ${ca_pem} && openssl x509 -checkend 0 -noout -in ${ca_pem}
retries: 5
delay: 1


Loading…
Cancel
Save