add: certificate renewal support

Garrett Beasley
2024-04-24 14:56:10 -07:00
parent 0591078ac3
commit 79319b614a


@@ -21,6 +21,16 @@ if [ ! -f server.config.yaml ]; then
./velociraptor --config server.config.yaml user add $VELOX_USER $VELOX_PASSWORD --role $VELOX_ROLE
fi
# Check Server Certificate Status, Re-generate if it's expiring in 24-hours or less
if true | ./velociraptor --config server.config.yaml config show --json | jq -r .Frontend.certificate | openssl x509 -text -enddate -noout -checkend 86400 >/dev/null; then
echo "Skipping renewal, certificate is not expired"
else
echo "Certificate is expired, rotating certificate."
./velociraptor --config ./server.config.yaml config rotate_key > /tmp/server.config.yaml
cp ./server.config.yaml ./server.config.yaml.bak
mv /tmp/server.config.yaml /velociraptor/.
fi
# Re-generate client config in case server config changed
./velociraptor --config server.config.yaml config client > client.config.yaml
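Review bot: The rotation branch writes the rotated server config, which in Velociraptor includes private key material, to the fixed path `/tmp/server.config.yaml` and then moves it over the live config without checking that `config rotate_key` succeeded. A predictable name in a shared, world-writable directory can be pre-created or symlinked by another local user, and a failed or partial rotation leaves an empty or truncated file that replaces the working config. Creating the file with `mktemp` next to the target and moving it only on success avoids both; the version below assumes the script runs in `/velociraptor`, as the original `mv` target suggests. Separately, the `if` pipeline sends any failure of `velociraptor`, `jq` or `openssl` into the rotation branch, so a transient error is logged as "Certificate is expired" and triggers a key rotation.

```shell
else
  echo "Certificate check failed or certificate expires within 24 hours, rotating certificate."
  # mktemp creates the file with mode 0600 and an unpredictable name, on the same
  # filesystem as the target so the final mv is an atomic rename.
  tmp_config=$(mktemp ./server.config.yaml.XXXXXX) || exit 1
  if ./velociraptor --config ./server.config.yaml config rotate_key > "$tmp_config" \
      && [ -s "$tmp_config" ]; then
    cp -p ./server.config.yaml ./server.config.yaml.bak
    mv -- "$tmp_config" ./server.config.yaml
  else
    rm -f -- "$tmp_config"
    echo "Key rotation failed, keeping existing server.config.yaml" >&2
  fi
fi
```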