Based on work on renewing Mac cert, some automation across all servers would be nice:
- report current code deployment hash (should be identical)
- report hashes of current secrets (should be identical)
- automatically send email to explain mozdef emails

And, some automation against one server would be handy for:
- generate Mac CSR for renewal purposes
- manage the keychain (file) names during renewal process
- help with deployment of new key/cert to peer servers? <= maybe not

Biggest bonus would be (imo) using inventory to ensure all current servers hit. That could be valuable for ad hoc commands.
Darn -- the cli tool can't create the CSR -- or at least the obvious tool 'security' can not.
I have a csrtool.py that I think I used to replace the SSL certs for the signing servers. Not sure if that helps or not: https://github.com/escapewindow/docker-signing-server/blob/master/csrtool.py