#!/bin/sh -e
#
# Univention SSL
#  ssl sync script
#
# SPDX-FileCopyrightText: 2004-2025 Univention GmbH
# SPDX-License-Identifier: AGPL-3.0-only

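# Keep errexit active even when the script is started as "sh <script>", where
# the "-e" from the shebang line is not applied. Without it a failed sync
# would still end with exit status 0.
set -e

# Import ldap/master, server/role and hostname from the Univention Config
# Registry as the shell variables ldap_master, server_role and hostname.
# The command's output is executed by eval, so this step trusts the local
# UCR binary and the values stored in the registry.
eval "$(/usr/sbin/univention-config-registry shell ldap/master server/role hostname)"

# Only a backup domain controller mirrors the SSL directory; every other
# server role leaves successfully without touching anything.
if [ "${server_role:-}" != "domaincontroller_backup" ]; then
	exit 0
fi

SSL_PATH=/etc/univention/ssl

# The rsync below runs with --delete against the local SSL directory, so
# refuse to start it with an incomplete "<hostname>$@<ldap/master>" source
# instead of relying on the transfer to fail on its own.
if [ -z "${hostname:-}" ] || [ -z "${ldap_master:-}" ]; then
	printf '%s: hostname or ldap/master is not set, not syncing %s\n' "$0" "$SSL_PATH" >&2
	exit 1
fi

# copy ssl directory
# Pulls $SSL_PATH from the ldap/master host, logging in as "<hostname>$"
# (the \$ keeps the dollar sign literal). /etc/machine.secret is handed to
# univention-ssh-rsync as its first argument (presumably the password file;
# confirm against that tool). -a keeps owner and mode as on the source and
# --delete removes local files that no longer exist there.
# NOTE(review): the mirrored tree contains ucsCA/ and presumably private key
# material; confirm the local directory stays readable by root only.
univention-ssh-rsync /etc/machine.secret -az --delete "${hostname}\$@${ldap_master}:${SSL_PATH}/" "$SSL_PATH"

# copy root certificate and revoke list to /var/www (linked to by overview.html)
# Best effort on purpose: "|| true" keeps a failed copy from aborting the
# script under errexit. The only trace of such a failure is cp's own message
# on stderr, and /var/www then keeps serving the previous certificate or CRL.
cp "$SSL_PATH/ucsCA/CAcert.pem" /var/www/ucs-root-ca.crt || true
cp "$SSL_PATH/ucsCA/crl/ucsCA.crl" /var/www/ || true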
