Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Acme: Usage of "Actions list"

    ACME
    3
    3
    798
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      Inperpetuammemoriam last edited by

      Hi!

      I have been quite desperately trying to find out if it is possible to make use of the "Actions list" option (using "Shell command") in order to push new certificates to remote hosts but up to now I haven't even figured out where debuggable output would be produced. Could someone give me a hint?

      Thanks in advance for any help provided!

      1 Reply Last reply Reply Quote 0
      • Gertjan
        Gertjan last edited by

        Hi,

        You're writing a shell script, right ?
        So, get all your commands, like remote copy / login, whatever straight, assemble them in a shell script, and use that one in your action list.
        pfSense, and also the acme package is full with examples how to log (using PHP).

        No "help me" PM's please. Use the forum.

        1 Reply Last reply Reply Quote 0
        • jimp
          jimp Rebel Alliance Developer Netgate last edited by

          The actions list will call a shell command as-is. Whether or not that will be able to copy certificates to other hosts depends on the rest of your configuration. You would test/debug that like any other shell script.

          By default the certificates only exist in the pfSense configuration file. Unless something reads them from there and writes them out, a shell script could not easily obtain them. For example, if you have the certificate set to be used by the GUI and followed the example to have the actions list restart the GUI, it would write the certificate out to /var/etc/cert.crt and a shell script run after that could copy that file.

          Otherwise it whatever script is run would (probably easiest if it's PHP) would have to parse the config.xml and read the certificate and then write it out somewhere.

          Eventually we might include something like Anvil to help with this.

          Remember: Upvote with the πŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post