fix: reuse existing OTP config during re-issue of certs
parent
10ad744336
commit
3e0ec5fcb0
@ -32,6 +32,9 @@ cat << EOF | easyrsa build-client-full "$cn" nopass
|
||||
yes
|
||||
EOF
|
||||
|
||||
# Skip confirmation if not running in interctive mode. Essential for integration tests.
|
||||
google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 \
|
||||
# Do not overwrite potential existing config during the re-issue flow
|
||||
if [ ! -f /etc/openvpn/otp/${cn}.google_authenticator ] ; then
|
||||
# Skip confirmation if not running in interctive mode. Essential for integration tests.
|
||||
google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 \
|
||||
-l "${cn}" -i "${server}" -s /etc/openvpn/otp/${cn}.google_authenticator --no-confirm -q
|
||||
fi
|
||||
|
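Review bot: The new `-f` guard makes a re-issued certificate silently keep the old TOTP secret, and nothing in this hunk lets the operator request a fresh one when the re-issue follows a lost device or a suspected compromise. Consider an explicit override around the guard, and at minimum a comment such as `# NOTE: an existing OTP secret is reused; remove the file first to rotate it`. The test and the `-s` argument also expand `${cn}` unquoted; `if [ ! -f "/etc/openvpn/otp/${cn}.google_authenticator" ] ; then` avoids word splitting and globbing on an unexpected name. The path is hard-coded here while the revoke hunk uses `$OPENVPN/otp`, so the two can diverge if `$OPENVPN` is not `/etc/openvpn`.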
@ -32,4 +32,6 @@ echo "Revoked $cn"
|
||||
echo "Updating crl.pem"
|
||||
easyrsa gen-crl
|
||||
|
||||
rm -f $OPENVPN/pki/issued/$cn.crt $OPENVPN/pki/private/$cn.key $OPENVPN/pki/reqs/$cn.req $OPENVPN/otp/$cn.google_authenticator
|
||||
rm -f $OPENVPN/pki/issued/$cn.crt $OPENVPN/pki/private/$cn.key $OPENVPN/pki/reqs/$cn.req
|
||||
# do not delete OTP to allow reuse after re-issued cert, left overs OTP data wont hurt anyone
|
||||
# rm -f $OPENVPN/otp/$cn.google_authenticator
|
||||
|
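Review bot: Keeping `$OPENVPN/otp/$cn.google_authenticator` after revocation leaves a long-lived authentication secret on disk for an identity that no longer has access. The comment's claim that this is harmless holds only if the same CN is never re-issued to a different person or after a compromise. Revocation for re-issue and permanent revocation probably need different behaviour; an opt-in such as `[ -n "${KEEP_OTP:-}" ] || rm -f -- "$OPENVPN/otp/$cn.google_authenticator"` (variable name illustrative) would keep deletion as the default. The commented-out `rm` is better dropped than left in, and the remaining `rm -f` arguments are unquoted, e.g. `rm -f -- "$OPENVPN/pki/issued/$cn.crt"`.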