author | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2017-11-17 17:17:19 +0300 |
---|---|---|
committer | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2017-11-17 17:17:19 +0300 |
commit | 4f12359b9c9c482eb0a7aa10eafb84f1c53b96c3 (patch) | |
tree | 1c2e0e4f9c51d1dfd323336ef2d766d3caaec73d /src/ejabberd_acme.erl | |
parent | Fix ACME options validation (diff) |
Don't forget to include intermediate ACME certificate
Thanks to Konstantinos Kallas
Diffstat (limited to '')
-rw-r--r-- | src/ejabberd_acme.erl | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/ejabberd_acme.erl b/src/ejabberd_acme.erl index eb0a340da..0a25e8bf5 100644 --- a/src/ejabberd_acme.erl +++ b/src/ejabberd_acme.erl @@ -331,16 +331,20 @@ create_new_certificate(CAUrl, {DomainName, AllSubDomains}, PrivateKey) -> {<<"notBefore">>, NotBefore}, {<<"NotAfter">>, NotAfter} ], - {ok, {_CertUrl, Certificate}, _Nonce1} = + {ok, {IssuerCertLink, Certificate}, _Nonce1} = ejabberd_acme_comm:new_cert(Dirs, PrivateKey, Req, Nonce0), DecodedCert = public_key:pkix_decode_cert(list_to_binary(Certificate), plain), PemEntryCert = public_key:pem_entry_encode('Certificate', DecodedCert), + {ok, IssuerCert, _Nonce2} = ejabberd_acme_comm:get_issuer_cert(IssuerCertLink), + DecodedIssuerCert = public_key:pkix_decode_cert(list_to_binary(IssuerCert), plain), + PemEntryIssuerCert = public_key:pem_entry_encode('Certificate', DecodedIssuerCert), + {_, CSRKeyKey} = jose_jwk:to_key(CSRKey), PemEntryKey = public_key:pem_entry_encode('ECPrivateKey', CSRKeyKey), - PemCertKey = public_key:pem_encode([PemEntryKey, PemEntryCert]), + PemCertKey = public_key:pem_encode([PemEntryKey, PemEntryCert, PemEntryIssuerCert]), {ok, DomainName, PemCertKey} catch @@ -1100,13 +1104,13 @@ save_certificate({ok, DomainName, Cert}) -> %% that there is no certificate saved if it cannot be added in %% certificate persistent storage write_cert(CertificateFile, Cert, DomainName), + ok = ejabberd_pkix:add_certfile(CertificateFile), DataCert = #data_cert{ domain = DomainName, pem = Cert, path = CertificateFile }, add_certificate_persistent(DataCert), - ok = ejabberd_pkix:add_certfile(CertificateFile), {ok, DomainName, saved} catch throw:Throw -> |
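Review bot: The certificate fetched from `IssuerCertLink` is appended to the PEM bundle with no check that it actually issued the leaf; the link comes from the ACME server's response, so whatever that URL returns ends up in the chain served to clients. A cheap guard right after the fetch would be `true = public_key:pkix_is_issuer(list_to_binary(Certificate), list_to_binary(IssuerCert)),`, which at least confirms issuer/subject name chaining on the DER forms. The new `{ok, IssuerCert, _Nonce2} =` match also runs after the CA has already issued the certificate, so a failed fetch presumably discards an issued certificate; the `catch` clauses and the start of `create_new_certificate` are outside this hunk, so confirm that path is reported distinctly. Whether `ejabberd_acme_comm:get_issuer_cert/1` enforces HTTPS with peer verification is not visible here and is worth checking.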
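Review bot: Moving `ok = ejabberd_pkix:add_certfile(CertificateFile)` ahead of `add_certificate_persistent(DataCert)` leaves the comment above `write_cert` describing the old guarantee, and it opens a failure path where the file is already on disk but never recorded in persistent storage. A failed `add_certfile` raises a `badmatch` error, while the only handler visible in the hunk is `throw:Throw`; the remaining clauses of `save_certificate` are outside the hunk, so confirm that error class is handled and that the written file is removed, since the PEM appears to carry the private key as well. I would update the comment to something like `%% Load the file into ejabberd_pkix before recording it, so persistent storage never references a certificate that failed to load`.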