-
Hi!
I have been quite desperately trying to find out if it is possible to make use of the "Actions list" option (using "Shell command") in order to push new certificates to remote hosts but up to now I haven't even figured out where debuggable output would be produced. Could someone give me a hint?
Thanks in advance for any help provided!
-
Hi,
You're writing a shell script, right?
So, get all your commands, like remote copy / login, whatever straight, assemble them in a shell script, and use that one in your action list.
pfSense, and also the acme package, is full of examples of how to log (using PHP).
-
The actions list will call a shell command as-is. Whether or not that will be able to copy certificates to other hosts depends on the rest of your configuration. You would test/debug that like any other shell script.
By default the certificates only exist in the pfSense configuration file. Unless something reads them from there and writes them out, a shell script could not easily obtain them. For example, if you have the certificate set to be used by the GUI and followed the example to have the actions list restart the GUI, it would write the certificate out to /var/etc/cert.crt and a shell script run after that could copy that file.
Otherwise, whatever script is run (probably easiest if it's PHP) would have to parse the config.xml, read the certificate, and then write it out somewhere.
Eventually we might include something like Anvil to help with this.
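
The config.xml approach described in the last reply, as an added example that is not part of the thread and is not pfSense or acme package code. It assumes certificates are stored as `<cert>` entries with `<descr>`, `<crt>` and `<prv>` children holding base64-encoded PEM; the function names, the `acme-example` description, the sample data and the output directory are constructed for illustration.

```php
<?php
// Added example: export one certificate from a pfSense-style config.xml.
// Assumed layout: <pfsense><cert><descr/><crt/><prv/></cert></pfsense>,
// with <crt> and <prv> holding base64-encoded PEM text.

function find_cert(SimpleXMLElement $config, string $descr): array {
    foreach ($config->cert as $cert) {
        if (trim((string)$cert->descr) !== $descr) {
            continue;
        }
        $crt = base64_decode(trim((string)$cert->crt), true);
        $prv = base64_decode(trim((string)$cert->prv), true);
        if ($crt === false || $prv === false || $crt === '' || $prv === '') {
            throw new RuntimeException("certificate '$descr' is incomplete or not valid base64");
        }
        return ['crt' => $crt, 'prv' => $prv];
    }
    throw new RuntimeException("no certificate with description '$descr'");
}

// Write via a temp file in the same directory, then rename, so a reader
// never sees a half-written file and the key is never world-readable.
function write_file(string $path, string $data, int $mode): void {
    $old = umask(0077);
    $tmp = tempnam(dirname($path), '.export');
    umask($old);
    if ($tmp === false || file_put_contents($tmp, $data) === false
        || !chmod($tmp, $mode) || !rename($tmp, $path)) {
        throw new RuntimeException("could not write $path");
    }
}

// Constructed sample input; on a firewall you would instead load the real
// file, e.g. simplexml_load_file('/conf/config.xml') (path is an assumption).
$pem_crt = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n";
$pem_key = "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n";
$xml = '<pfsense><cert><refid>0000000000000</refid><descr>acme-example</descr>'
     . '<crt>' . base64_encode($pem_crt) . '</crt>'
     . '<prv>' . base64_encode($pem_key) . '</prv></cert></pfsense>';

$config = simplexml_load_string($xml);
if ($config === false) {
    throw new RuntimeException('config.xml could not be parsed');
}
$pair = find_cert($config, 'acme-example');
$dir = sys_get_temp_dir();   // hypothetical output directory
write_file("$dir/acme-example.crt", $pair['crt'], 0644);
write_file("$dir/acme-example.key", $pair['prv'], 0600);
echo "wrote $dir/acme-example.crt and $dir/acme-example.key\n";
```

A shell command in the actions list could then copy the two written files, and the 0600 mode keeps the private key readable only by the user that ran the export.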