Improve auto-completion for the PKI commands
authorGunnar Beutner <gunnar.beutner@netways.de>
Thu, 16 Oct 2014 12:33:58 +0000 (14:33 +0200)
committerGunnar Beutner <gunnar.beutner@netways.de>
Thu, 16 Oct 2014 12:33:58 +0000 (14:33 +0200)
refs #7247

doc/4-monitoring-remote-systems.md
lib/cli/pkinewcertcommand.cpp
lib/cli/pkirequestcommand.cpp
lib/cli/pkisigncsrcommand.cpp

index 523a09c9514830e652a02adbafbe4762f927853f..6bf302c3364df0948731e879105d408ad8fa9c03 100644 (file)
@@ -198,7 +198,7 @@ object name.
 Example:
 
     # icinga2 pki new-cert --cn icinga2a --keyfile icinga2a.key --csrfile icinga2a.csr
-    # icinga2 pki sign-csr < icinga2a.csr > icinga2a.crt
+    # icinga2 pki sign-csr --csrfile icinga2a.csr --certfile icinga2a.crt
 
     # vim cluster.conf
 
@@ -242,7 +242,7 @@ Now create a certificate and key file for each node running the following comman
 (replace `icinga2a` with the required hostname):
 
     # icinga2 pki new-cert --cn icinga2a --keyfile icinga2a.key --csrfile icinga2a.csr
-    # icinga2 pki sign-csr < icinga2a.csr > icinga2a.crt
+    # icinga2 pki sign-csr --csrfile icinga2a.csr --certfile icinga2a.crt
 
 Repeat the step for all nodes in your cluster scenario.
 
index 3c38cf2b8ff6ba9d2f23fcc8bf24c7ab94033ab3..012f31994d8d338966fc2d73755f204faa3b197b 100644 (file)
@@ -43,9 +43,13 @@ void PKINewCertCommand::InitParameters(boost::program_options::options_descripti
 {
        visibleDesc.add_options()
                ("cn", po::value<std::string>(), "Common Name")
-               ("keyfile", po::value<std::string>(), "Key file path")
-               ("csrfile", po::value<std::string>(), "CSR file path (optional)")
-               ("certfile", po::value<std::string>(), "Certificate file path (optional)");
+               ("keyfile", po::value<std::string>(), "Key file path (output")
+               ("csrfile", po::value<std::string>(), "CSR file path (optional, output)")
+               ("certfile", po::value<std::string>(), "Certificate file path (optional, output)");
+
+       argCompletionDesc["keyfile"] = BashArgumentCompletion("file");
+       argCompletionDesc["csrfile"] = BashArgumentCompletion("file");
+       argCompletionDesc["certfile"] = BashArgumentCompletion("file");
 }
 
 /**
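Review bot: The help text for `--keyfile` on the added line is missing its closing parenthesis, so the usage output prints `Key file path (output`; the line should read `("keyfile", po::value<std::string>(), "Key file path (output)")`. The other two descriptions say `(optional, output)`, so this one is also the only string in the group that does not follow the same pattern. The signature of InitParameters lies above the hunk; only its body is visible here.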
index e8d9ce81f8ffc005b4b91cdee1e85afbe8a748fb..04ddd61e0f6a657880bc6ed938b5de27db0e7d4c 100644 (file)
@@ -54,6 +54,12 @@ void PKIRequestCommand::InitParameters(boost::program_options::options_descripti
            ("host", po::value<std::string>(), "Icinga 2 host")
            ("port", po::value<std::string>(), "Icinga 2 port")
            ("ticket", po::value<std::string>(), "Icinga 2 PKI ticket");
+
+       argCompletionDesc["keyfile"] = BashArgumentCompletion("file");
+       argCompletionDesc["certfile"] = BashArgumentCompletion("file");
+       argCompletionDesc["cafile"] = BashArgumentCompletion("file");
+       argCompletionDesc["host"] = BashArgumentCompletion("hostname");
+       argCompletionDesc["port"] = BashArgumentCompletion("service");
 }
 
 /**
index d5af4d906b505784dbbc5cf7c329081d0f370f69..a6b2ed09b3a35ed50b44e22530f6f75a7ede853f 100644 (file)
@@ -22,6 +22,7 @@
 #include "base/clicommand.hpp"
 #include "base/tlsutility.hpp"
 #include "base/application.hpp"
+#include <fstream>
 
 using namespace icinga;
 namespace po = boost::program_options;
@@ -42,7 +43,12 @@ void PKISignCSRCommand::InitParameters(boost::program_options::options_descripti
     boost::program_options::options_description& hiddenDesc,
     ArgumentCompletionDescription& argCompletionDesc) const
 {
-       /* Command doesn't support any parameters. */
+       visibleDesc.add_options()
+           ("csrfile", po::value<std::string>(), "CSR file path (input)")
+           ("certfile", po::value<std::string>(), "Certificate file path (output)");
+
+       argCompletionDesc["csrfile"] = BashArgumentCompletion("file");
+       argCompletionDesc["certfile"] = BashArgumentCompletion("file");
 }
 
 /**
@@ -52,16 +58,28 @@ void PKISignCSRCommand::InitParameters(boost::program_options::options_descripti
  */
 int PKISignCSRCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
 {
+       if (!vm.count("csrfile")) {
+               Log(LogCritical, "cli", "Certificate signing request file path (--csrfile) must be specified.");
+               return 1;
+       }
+
+       if (!vm.count("certfile")) {
+               Log(LogCritical, "cli", "Certificate file path (--certfile) must be specified.");
+               return 1;
+       }
+
        std::stringstream msgbuf;
        char errbuf[120];
 
        InitializeOpenSSL();
 
-       BIO *csrbio = BIO_new_fp(stdin, BIO_NOCLOSE);
+       String csrfile = vm["csrfile"].as<std::string>();
+
+       BIO *csrbio = BIO_new_file(csrfile.CStr(), "r");
        X509_REQ *req = PEM_read_bio_X509_REQ(csrbio, NULL, NULL, NULL);
 
        if (!req) {
-               msgbuf << "Could not parse X509 certificate request: " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
+               msgbuf << "Could not read X509 certificate request from '" + csrfile + "': " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
                Log(LogCritical, "SSL", msgbuf.str());
                return 1;
        }
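Review bot: The result of `BIO_new_file(csrfile.CStr(), "r")` is handed to `PEM_read_bio_X509_REQ()` without a NULL check, so a missing or unreadable `--csrfile` is reported as an X509 read failure with whatever error happens to be in the OpenSSL queue, not as a file-open failure. Add `if (!csrbio) { Log(LogCritical, "cli", "Could not open CSR file '" + csrfile + "'"); return 1; }` before the read. Unlike the old `BIO_new_fp(stdin, BIO_NOCLOSE)`, this BIO owns a file handle, and no `BIO_free(csrbio);` is visible in the hunk, including on the `return 1` path; it should be released right after the read. The body of Run continues past the end of this hunk, so a later free cannot be ruled out from here.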
@@ -72,7 +90,18 @@ int PKISignCSRCommand::Run(const boost::program_options::variables_map& vm, cons
 
        X509_REQ_free(req);
 
-       std::cout << CertificateToString(cert);
+       String certfile = vm["certfile"].as<std::string>();
+
+       std::ofstream fpcert;
+       fpcert.open(certfile.CStr());
+
+       if (!fpcert) {
+               Log(LogCritical, "cli", "Failed to open certificate file '" + certfile + "' for output");
+               return 1;
+       }
+
+       fpcert << CertificateToString(cert);
+       fpcert.close();
 
        return 0;
 }
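Review bot: Run returns 0 after `fpcert << CertificateToString(cert);` and `fpcert.close();` without checking the stream state, so a full disk or I/O error leaves a truncated or empty certificate file while the command reports success. Check the stream after closing, e.g. `if (fpcert.fail()) { Log(LogCritical, "cli", "Failed to write certificate file '" + certfile + "'"); return 1; }`. The output file is also opened only after the request has been signed; opening it before signing would avoid producing a signed certificate that is then never stored. The signing code is outside this hunk, so whether that step has side effects, such as consuming a serial number, is an assumption to confirm.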