aboutsummaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/certificate-renew-issued.md47
1 files changed, 47 insertions, 0 deletions
diff --git a/doc/certificate-renew-issued.md b/doc/certificate-renew-issued.md
new file mode 100644
index 0000000..e460ce1
--- /dev/null
+++ b/doc/certificate-renew-issued.md
@@ -0,0 +1,47 @@
+Renew locally issued certificates
+=================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script renews certificates issued by a local certificate authority (CA).
+Optionally the certificates are exported with individual passphrases for
+easy pick-up.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+ $ScriptInstallUpdate certificate-renew-issued;
+
+Configuration
+-------------
+
+The configuration goes to `global-config-overlay`, there is just one
+parameter:
+
+* `CertRenewPass`: an array holding individual passphrases for certificates
+
+Usage and invocation
+--------------------
+
+Run the script to renew certificates issued from a local CA.
+
+ / system script run certificate-renew-issued;
+
+Only scripts with a remaining lifetime of three weeks or less are renewed.
+The old certificate is revoked automatically. If a passphrase for a specific
+certificate is given in `CertRenewPass` the certificate is exported and
+PKCS#12 file (`cert-issued/CN.p12`) can be found on device's storage.
+
+See also
+--------
+
+* [Renew certificates and notify on expiration](check-certificates.md)
+
+---
+[◀ Go back to main README](../README.md)
+[▲ Go back to top](#top)