Diffstat (limited to 'modules/caddypki/ca.go')
-rw-r--r-- | modules/caddypki/ca.go | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/modules/caddypki/ca.go b/modules/caddypki/ca.go
index f15883e..21a8bd5 100644
--- a/modules/caddypki/ca.go
+++ b/modules/caddypki/ca.go
@@ -24,6 +24,7 @@ import (
 "github.com/caddyserver/caddy/v2"
 "github.com/caddyserver/certmagic"
+ "github.com/smallstep/truststore"
 "go.uber.org/zap"
 )
@@ -323,6 +324,27 @@ func (ca CA) newReplacer() *caddy.Replacer {
 return repl
 }
+// installRoot installs this CA's root certificate into the
+// local trust store(s) if it is not already trusted. The CA
+// must already be provisioned.
+func (ca CA) installRoot() error {
+ // avoid password prompt if already trusted
+ if trusted(ca.root) {
+ ca.log.Info("root certificate is already trusted by system",
+ zap.String("path", ca.rootCertPath))
+ return nil
+ }
+
+ ca.log.Warn("installing root certificate (you might be prompted for password)",
+ zap.String("path", ca.rootCertPath))
+
+ return truststore.Install(ca.root,
+ truststore.WithDebug(),
+ truststore.WithFirefox(),
+ truststore.WithJava(),
+ )
+}
+
 const (
 defaultCAID = "local"
 defaultCAName = "Caddy Local Authority" |
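Review bot: In the second hunk, `installRoot` returns early when `trusted(ca.root)` is true and logs "already trusted by system", yet the install call it skips also covers the Firefox and Java stores (`truststore.WithFirefox()`, `truststore.WithJava()`). `trusted` is defined outside this hunk, so this is inferred from the log text: if it only verifies against the system pool, a root already present in the OS store is never added to the other two, and the function still returns nil. The doc comment should also state what installation means for the host, e.g. `// After this call, certificates chaining to this root validate in the local system, Firefox and Java trust stores; protect the root key accordingly.` Separately, `truststore.WithDebug()` is unconditional and the error from `truststore.Install` is returned without context; wrapping it with `ca.rootCertPath` would make a failed or refused install easier to trace in logs.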