Bash script to generate OCSP for HAProxy
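#!/usr/bin/env bash
# Generate an OCSP response file (<name>.pem.ocsp) next to every .pem file so
# that HAProxy can staple it.
# http://www.jinnko.org/2015/03/ocsp-stapling-with-haproxy.html
# Run from cron every few hours or daily.
#
# The script keeps its original contract of always exiting 0; failures are
# reported on stderr so that cron can mail them.

set -u

## CONFIGURATION ##
_LE_ROOT_DIR="/root/LE/"
_LE_CONF_DIR="${_LE_ROOT_DIR}conf/"
_LE_PEM_DIR="${_LE_ROOT_DIR}pem/"
_LE_INTERMEDIATE_PEM="${_LE_CONF_DIR}intermediate.pem"
# The responder is hard-coded. It has to be the OCSP responder of the CA that
# issued the certificates; `openssl x509 -noout -ocsp_uri -in <cert>` prints
# the one a certificate advertises.
_OCSP_HOST="ocsp.int-x3.letsencrypt.org"
_OCSP_URL="http://${_OCSP_HOST}/1"

# Each response is fetched into a private scratch directory first, so a failed
# or unverified fetch never overwrites the last good .ocsp file.
_TMP_DIR=$(mktemp -d) || { printf 'ocsp: mktemp failed\n' >&2; exit 0; }
trap 'rm -rf -- "${_TMP_DIR:?}"' EXIT
_TMP_RESP="${_TMP_DIR}/response.ocsp"

# Glob instead of parsing `ls`: paths with spaces survive, and an empty
# directory simply yields zero iterations.
shopt -s nullglob

# Loop through each pem file
for _pem in "${_LE_PEM_DIR}"*.pem
do
  rm -f -- "${_TMP_RESP}"

  # The request goes over plain HTTP, so the only integrity protection is the
  # signature on the response. -no_nonce means no nonce is sent; freshness then
  # rests on the validity window carried in the response itself.
  _out=$(openssl ocsp -no_nonce -respout "${_TMP_RESP}" \
    -issuer "${_LE_INTERMEDIATE_PEM}" -verify_other "${_LE_INTERMEDIATE_PEM}" \
    -cert "${_pem}" -url "${_OCSP_URL}" \
    -header "HOST=${_OCSP_HOST}" 2>&1)
  _rc=$?
  printf '%s\n' "${_out}"

  # NOTE(review): some OpenSSL releases appear to exit 0 even when response
  # verification fails, and -respout is written before verification - confirm
  # for the installed version. The textual result is therefore checked as well
  # as the exit status, and only a verified "good" response is installed.
  if (( _rc == 0 )) && [[ -s "${_TMP_RESP}" ]] \
    && grep -q 'Response verify OK' <<<"${_out}" \
    && grep -q ': good$' <<<"${_out}"; then
    # OCSP responses are public data; 0644 matches what a default root umask
    # would have produced when openssl wrote the file directly.
    install -m 0644 -- "${_TMP_RESP}" "${_pem}.ocsp" \
      || printf 'ocsp: could not install response for %s\n' "${_pem}" >&2
  else
    printf 'ocsp: fetch or verification failed for %s, previous response kept\n' \
      "${_pem}" >&2
  fi
done

# Reload only when the configuration parses, so a broken config cannot take
# the running proxy down as a side effect of the OCSP refresh.
if haproxy -c -f /etc/haproxy/haproxy.cfg &>/dev/null; then
  service haproxy reload
else
  printf 'ocsp: haproxy configuration check failed, not reloading\n' >&2
fi

exit 0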