Open ProBackup-nl opened 4 years ago
I know it's a really late answer but I solved the "waiting" part like:
while [ ! -f /etc/certificates/mynew.cert.pem ]; do sleep 1; done
I imported the new certs in a .p12 bundle.
It usually took ~10sec to create / "disassemble" the new bundle into /etc/certificates.
It turns out that Mac OS X not generating new /etc/certificates can be controlled with daemon /System/Library/LaunchDaemons/com.apple.UserEventAgent-System.plist (OS 10.7).
This is not a debug report, but a request for information.
I am importing new certs now manually and would like to automate on a Mac OS X server machine with serveradmin running.
I had a look at deploy/keychain.sh and use these commands:
The result becomes immediately available in $ security find-identity -v -p ssl-server -s host.domain.tld output:
Where (1) is the old, and (2) is the new cert.
The issue is that I can't use
$ sudo certupdate replace -c /etc/certificates/host.domain.tld.A...1.cert.pem -C /etc/certificates/host.domain.tld.1...3.cert.pem
because these pem files do not exist there yet. It takes 34-35 hours, a reboot after security import, or till the next day 8:03, before the new pem files are generated in /etc/certificates.
Who has ideas on how to control /etc/certificates generation on Mac OS X (Lion, 10.7) Server without reboot?
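The wait loop from the reply above never exits if the PEM file is not generated, and it can fire while the file is still being written. The following is an added example, not code from the thread or from the project: a bounded wait that also checks for a complete certificate block before a later step such as certupdate replace runs. The function name wait_for_pem and the default timeout are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): bounded wait for a generated PEM file.
# wait_for_pem and its 60-second default are hypothetical choices.

# wait_for_pem PATH [TIMEOUT_SECONDS]
# Returns 0 once PATH is non-empty, contains both PEM certificate markers,
# and its size was unchanged between two consecutive one-second polls.
# Returns 1 if that has not happened when the timeout expires.
wait_for_pem() {
    pem_path=$1
    timeout=${2:-60}
    waited=0
    last_size=-1
    while [ "$waited" -le "$timeout" ]; do
        if [ -s "$pem_path" ] &&
           grep -q -e '-----BEGIN CERTIFICATE-----' "$pem_path" &&
           grep -q -e '-----END CERTIFICATE-----' "$pem_path"; then
            size=$(wc -c < "$pem_path" | tr -d ' ')
            # Same size on two polls in a row: treat the write as finished.
            if [ "$size" = "$last_size" ]; then
                return 0
            fi
            last_size=$size
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 1
}

# Usage, with the path taken from the reply above:
#   if wait_for_pem /etc/certificates/mynew.cert.pem 120; then
#       ...run the certupdate replace step...
#   else
#       echo "new PEM not generated, leaving the old certificate in place" >&2
#   fi
```

Failing closed on timeout keeps the old certificate configured instead of pointing services at a file that does not exist yet.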