Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #690 from Icinga:features/adds_api_certificate_ren…
…ewal Feature: Adds renewal handling for Icinga for Windows certificate Adds automatic renewal of the `icingaforwindows.pfx` certificate for the REST-Api daemon in case the certificate is not yet present, valid or changed during the runtime of the daemon while also making the `icingaforwindows.pfx` mandatory for all installations, regardless of JEA being used or not
- Loading branch information
Showing
11 changed files
with
71 additions
and
28 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
23 changes: 23 additions & 0 deletions
23
lib/daemons/RestAPI/threads/New-IcingaForWindowsCertificateThreadTaskInstance.psm1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
function New-IcingaForWindowsCertificateThreadTaskInstance() | ||
{ | ||
$IcingaHostname = Get-IcingaHostname -ReadConstants; | ||
|
||
while ($TRUE) { | ||
# Check every 10 minutes if our certificate is present and update it in case it is | ||
# missing or updates have happened | ||
$NewIcingaForWindowsCertificate = Get-IcingaForWindowsCertificate; | ||
|
||
if ($null -ne $NewIcingaForWindowsCertificate) { | ||
if ($NewIcingaForWindowsCertificate.Issuer.ToLower() -eq ([string]::Format('cn={0}', $IcingaHostname).ToLower())) { | ||
Write-IcingaEventMessage -EventId 1506 -Namespace 'Framework'; | ||
} else { | ||
if ($Global:Icinga.Public.SSLCertificate.GetCertHashString() -ne $NewIcingaForWindowsCertificate.GetCertHashString()) { | ||
$Global:Icinga.Public.SSLCertificate = $NewIcingaForWindowsCertificate; | ||
Write-IcingaEventMessage -EventId 2004 -Namespace 'RESTApi'; | ||
} | ||
} | ||
} | ||
|
||
Start-Sleep -Seconds (60 * 10); | ||
} | ||
} |
8 changes: 8 additions & 0 deletions
8
lib/daemons/RestAPI/threads/Start-IcingaForWindowsCertificateThreadTask.psm1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
function Start-IcingaForWindowsCertificateThreadTask() | ||
{ | ||
New-IcingaThreadInstance ` | ||
-Name 'CertificateRenewThread' ` | ||
-ThreadPool (New-IcingaThreadPool -MaxInstances 1) ` | ||
-Command 'New-IcingaForWindowsCertificateThreadTaskInstance' ` | ||
-Start; | ||
} |