Diffstat (limited to 'modules/caddypki/pki.go')
-rw-r--r-- | modules/caddypki/pki.go | 22 |
1 files changed, 3 insertions, 19 deletions
diff --git a/modules/caddypki/pki.go b/modules/caddypki/pki.go
index 562fae2..f9aa372 100644
--- a/modules/caddypki/pki.go
+++ b/modules/caddypki/pki.go
@@ -18,7 +18,6 @@ import (
 "fmt"
 "github.com/caddyserver/caddy/v2"
- "github.com/smallstep/truststore"
 "go.uber.org/zap"
 )
@@ -71,30 +70,15 @@ func (p *PKI) Start() error {
 // install roots to trust store, if not disabled
 for _, ca := range p.CAs {
 if ca.InstallTrust != nil && !*ca.InstallTrust {
- ca.log.Warn("root certificate trust store installation disabled; local clients may show warnings",
+ ca.log.Warn("root certificate trust store installation disabled; unconfigured clients may show warnings",
 zap.String("path", ca.rootCertPath))
 continue
 }
- // avoid password prompt if already trusted
- if trusted(ca.root) {
- ca.log.Info("root certificate is already trusted by system",
- zap.String("path", ca.rootCertPath))
- continue
- }
-
- ca.log.Warn("trusting root certificate (you might be prompted for password)",
- zap.String("path", ca.rootCertPath))
-
- err := truststore.Install(ca.root,
- truststore.WithDebug(),
- truststore.WithFirefox(),
- truststore.WithJava(),
- )
- if err != nil {
+ if err := ca.installRoot(); err != nil {
 // could be some system dependencies that are missing;
 // shouldn't totally prevent startup, but we should log it
- p.log.Error("failed to install root certificate",
+ ca.log.Error("failed to install root certificate",
 zap.Error(err),
 zap.String("certificate_file", ca.rootCertPath))
 }
|
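Review bot: The call to `ca.installRoot()` in the second hunk now hides the two things that made this step safe to run on every start: the `trusted(ca.root)` short-circuit and the warning that a password prompt may follow were both removed here, and the helper's body is not part of this diff, so it should be confirmed that it still does both. Adding a root to the system trust store is a privileged, host-wide change, and this branch runs whenever `InstallTrust` is nil, so the call site should say so, for example `// installRoot adds the CA root to the system trust store unless it is already trusted; it may prompt for elevated privileges`. The enclosing `for` loop and `Start` continue outside the hunk.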