author | Matthew Holt <mholt@users.noreply.github.com> | 2020-03-31 17:56:36 -0600 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2020-03-31 17:56:36 -0600 |
commit | 244b839f9813ae68c5527e6aadadaff0642c1a00 (patch) | |
tree | 66c0df8bbf728eed7c511f1023e84b6d4d34ac31 /modules/caddypki/pki.go | |
parent | 904d9cab390007610a65f648d05314f5826c3979 (diff) |
pki: Add trust subcommand to install root cert (closes #3204)
Diffstat (limited to 'modules/caddypki/pki.go')
-rw-r--r-- | modules/caddypki/pki.go | 22 |
1 files changed, 3 insertions, 19 deletions
diff --git a/modules/caddypki/pki.go b/modules/caddypki/pki.go
index 562fae2..f9aa372 100644
--- a/modules/caddypki/pki.go
+++ b/modules/caddypki/pki.go
@@ -18,7 +18,6 @@ import (
 "fmt"
 
 "github.com/caddyserver/caddy/v2"
- "github.com/smallstep/truststore"
 "go.uber.org/zap"
 )
 
@@ -71,30 +70,15 @@ func (p *PKI) Start() error {
 // install roots to trust store, if not disabled
 for _, ca := range p.CAs {
 if ca.InstallTrust != nil && !*ca.InstallTrust {
- ca.log.Warn("root certificate trust store installation disabled; local clients may show warnings",
+ ca.log.Warn("root certificate trust store installation disabled; unconfigured clients may show warnings",
 zap.String("path", ca.rootCertPath))
 continue
 }
 
- // avoid password prompt if already trusted
- if trusted(ca.root) {
- ca.log.Info("root certificate is already trusted by system",
- zap.String("path", ca.rootCertPath))
- continue
- }
-
- ca.log.Warn("trusting root certificate (you might be prompted for password)",
- zap.String("path", ca.rootCertPath))
-
- err := truststore.Install(ca.root,
- truststore.WithDebug(),
- truststore.WithFirefox(),
- truststore.WithJava(),
- )
- if err != nil {
+ if err := ca.installRoot(); err != nil {
 // could be some system dependencies that are missing;
 // shouldn't totally prevent startup, but we should log it
- p.log.Error("failed to install root certificate",
+ ca.log.Error("failed to install root certificate",
 zap.Error(err),
 zap.String("certificate_file", ca.rootCertPath))
 }
|
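Review bot: After this change the loop in Start() no longer logs anything itself before a root is added to the system trust store: the `trusted(ca.root)` short-circuit and the "trusting root certificate" warning are removed here, and `ca.installRoot()` is not shown on this page (the diffstat is limited to pki.go), so presumably both moved into that helper. Adding a root CA to the trust store is a change operators will want in the audit trail, so once that is confirmed against the helper a comment at the call site would help, e.g. `// installRoot skips roots that are already trusted and logs before modifying the trust store`. Separately, the error log uses `zap.String("certificate_file", ca.rootCertPath)` while the disabled-trust warning a few lines up uses `zap.String("path", ca.rootCertPath)` for the same value; one key for both would make these events easier to correlate. Start() begins and ends outside the hunk.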