Diffstat (limited to 'modules/caddypki/ca.go')
-rw-r--r--modules/caddypki/ca.go22
1 files changed, 22 insertions, 0 deletions
diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go
index f15883e..21a8bd5 100644
--- a/modules/caddypki/ca.go
+++ b/modules/caddypki/ca.go
@@ -24,6 +24,7 @@ import (
"github.com/caddyserver/caddy/v2"
"github.com/caddyserver/certmagic"
+ "github.com/smallstep/truststore"
"go.uber.org/zap"
)
@@ -323,6 +324,27 @@ func (ca CA) newReplacer() *caddy.Replacer {
return repl
}
+// installRoot installs this CA's root certificate into the
+// local trust store(s) if it is not already trusted. The CA
+// must already be provisioned.
+func (ca CA) installRoot() error {
+ // avoid password prompt if already trusted
+ if trusted(ca.root) {
+ ca.log.Info("root certificate is already trusted by system",
+ zap.String("path", ca.rootCertPath))
+ return nil
+ }
+
+ ca.log.Warn("installing root certificate (you might be prompted for password)",
+ zap.String("path", ca.rootCertPath))
+
+ return truststore.Install(ca.root,
+ truststore.WithDebug(),
+ truststore.WithFirefox(),
+ truststore.WithJava(),
+ )
+}
+
const (
defaultCAID = "local"
defaultCAName = "Caddy Local Authority"
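Review bot: The early return on `trusted(ca.root)` in installRoot skips `truststore.Install` entirely. If that helper only checks the system pool (its body is outside this hunk), the stores requested by `truststore.WithFirefox()` and `truststore.WithJava()` are never populated once the system store already has the root. `truststore.WithDebug()` is also hard-coded, so the library's debug output is presumably always on and does not go through `ca.log`; consider enabling it only when debug logging is configured. The doc comment should state the trust consequence, for example `// After installation, any certificate chaining to this root is trusted by this machine, so the root key must be protected accordingly.` Since the comment says the CA must already be provisioned, a guard such as `if ca.root == nil { return errors.New("CA is not provisioned") }` would make that precondition explicit, assuming `ca.root` is a pointer and `errors` is available in the file's import block, which is only partly visible here.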