sh Deploy LetsEncrypt to a firewall


# Deploy LetsEncrypt cert to Palo Alto Networks Next-generation Firewall

This is a POC of an [acme.sh](http://acme.sh) deploy hook that automatically
deploys the new certificate to a Palo Alto Networks firewall.

More information on deploy hooks:
https://github.com/Neilpang/acme.sh/wiki/deployhooks

## Usage

Step 1: Copy the included file (`panw.sh`) to your acme.sh deploy script
directory: `$HOME/.acme.sh/deploy/panw.sh`

Step 2: Get a LetsEncrypt certificate for your firewall:

`acme.sh --issue -d firewall.example.com`

Step 3: Deploy the LetsEncrypt certificate to your firewall:

`acme.sh --deploy -d firewall.example.com --deploy-hook panw`

Step 4: Commit.  
At this time, the commit must be done manually on the firewall
itself. In the future, the commit could be triggered for a dedicated LetsEncrypt
user on the firewall, so that only the certificate gets committed and not other
changes made by firewall administrators.
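
`panw.sh`:

```sh
# acme.sh deploy hook: import a certificate and its key into a PAN-OS firewall.
# Arguments: domain keyfile certfile cafile fullchain
panw_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  # Replace <FW-FQDN> and <ADD-YOUR-KEY> below. The API key is a credential:
  # keep this file readable only by the account that runs acme.sh.
  # -k skips TLS verification, so the firewall is not authenticated; drop it
  # once the management interface presents a certificate curl can verify.
  # Install certificate on firewall
  if ! curl -k --fail --form "file=@$_ccert" "https://<FW-FQDN>/api/?type=import&category=certificate&certificate-name=$_cdomain&format=pem&key=<ADD-YOUR-KEY>"; then
    _err "Certificate import failed"
    return 1
  fi
  # Install private key on firewall
  if ! curl -k --fail --form "file=@$_ckey" "https://<FW-FQDN>/api/?type=import&category=private-key&certificate-name=$_cdomain&format=pem&passphrase=nonenone&key=<ADD-YOUR-KEY>"; then
    _err "Private key import failed"
    return 1
  fi

  return 0
}
```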
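
The hook does not inspect the firewall's reply, and curl's exit status says nothing about an error reported in the response body. The check below is an added example, not part of the original hook: it assumes the API answers with an XML `<response status="...">` element, and the function names and sample replies are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from the API reply whether an import succeeded.
# Assumption: replies look like <response status="success">...</response>.

# Print the status attribute of the <response> element (empty if absent).
# Accepts status="success" as well as status = 'success'.
panw_response_status() {
  printf '%s' "$1" | tr '\n' ' ' |
    sed -n "s/.*<response[^>]*status *= *[\"']\([a-z]*\)[\"'].*/\1/p"
}

# Print the reply with XML tags stripped and whitespace squeezed, for logging.
panw_response_text() {
  printf '%s' "$1" | tr '\n' ' ' |
    sed -e 's/<[^>]*>/ /g' -e 's/  */ /g' -e 's/^ //' -e 's/ $//'
}

# Return 0 on success, 1 on an API error, 2 if the body is not an API reply
# (empty body, HTML login page, proxy error page).
panw_check_response() {
  case "$(panw_response_status "$1")" in
    success) return 0 ;;
    error)
      echo "PAN-OS API error: $(panw_response_text "$1")" >&2
      return 1 ;;
    *)
      echo "Unexpected reply from firewall" >&2
      return 2 ;;
  esac
}

# Constructed sample replies (not captured from a real firewall).
SAMPLE_OK='<response status="success"><result>imported</result></response>'
SAMPLE_ERR="<response status = 'error' code = '403'><result><msg>Invalid credentials.</msg></result></response>"
SAMPLE_HTML='<html><body>Login</body></html>'
```

In the hook, capture each curl call's output in a variable and return non-zero when `panw_check_response` fails on it, so acme.sh does not record a failed import as a successful deployment.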
