Setup hourly cron job to update CRLs
[cacert-puppet.git] / sitemodules / profiles / files / base / update-crls
1 #!/bin/sh
2
3 set -e
4
5 CRL_PATH='/var/local/ssl/crls/'
6 CA_CERT='/etc/ssl/certs/ca-certificates.crt'
7 RSYNC_LOCATION='crl.cacert.org::crl'
8
9 rsync -aqz "$RSYNC_LOCATION" "$CRL_PATH"
10
11 for crl in "$CRL_PATH"*.crl
12 do
13 if openssl crl -noout -inform DER -in "$crl" -CAfile "$CA_CERT" 2>/dev/null
14 then
15 openssl crl -inform DER -in "$crl" -out "$crl".pem
16 else
17 echo "Error: Could not validate the CRL at $crl" >&2
18 fi
19 done
20
21 c_rehash "$CRL_PATH" 2>/dev/null >&2
22
23 service apache2 reload > /dev/null
24
25 exit 0