diff options
author | Ed Tanous <ed@tanous.net> | 2024-04-08 06:24:12 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2024-04-11 00:15:35 +0300 |
commit | 7b9e256961fe529ce874cae572c17baa4fa0bbc3 (patch) | |
tree | 5fa821647806452a61ac174874866ffcb93e60b2 /scripts/parse_registries.py | |
parent | f1a1e3dcca1db1ee7c39b673a387ec6cd231561b (diff) | |
download | bmcweb-7b9e256961fe529ce874cae572c17baa4fa0bbc3.tar.xz |
Fix generate auth certs
bmcs might not have the correct time, so allow certificates for 100
years starting from epoch. As is, the script makes the certificate
valid for now + 10 years. After changes make the script valid from
epoch (1970) to 100 years later (2070).
This makes the script run to completion against a qemu instance of the
bmc.
Additional changes include detecting if a CA key is already present, to
not rewrite it. This allows installing a CA certificate on test
machines once, and using it to authenticate forever.
Additionally, add "alternative names" support, for pointing to a bmc at
localhost, or on the default qemu port, which allows these things to
work by default in those scenarios.
Lastly, change the directory to use a path relative to the script path,
instead of relative to current path when generating certificates. This
ensures that certs are always generated in the same place, which helps
when a CA is reused.
Tested: Script runs to completion without errors.
Change-Id: Ia5c31041dd5cb193b897bf1f7bae3cd9767656d0
Signed-off-by: Ed Tanous <ed@tanous.net>
Diffstat (limited to 'scripts/parse_registries.py')
0 files changed, 0 insertions, 0 deletions