From c2ced9dfc7afbf1310a61d8e3da4f721eb2809c7 Mon Sep 17 00:00:00 2001
From: joren
Date: Thu, 20 Feb 2025 10:36:31 +0100
Subject: [PATCH] Patch to allow existing root ca
---
 wazuh-install.sh | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/wazuh-install.sh b/wazuh-install.sh
index d6baf0a..c1dc598 100644
--- a/wazuh-install.sh
+++ b/wazuh-install.sh
@@ -4013,10 +4013,20 @@ function cert_generateDashboardcertificates() {
 }
 function cert_generateRootCAcertificate() {
-
- common_logger "Generating the root certificate."
- cert_executeAndValidate "openssl req -x509 -new -nodes -newkey rsa:2048 -keyout ${cert_tmp_path}/root-ca.key -out ${cert_tmp_path}/root-ca.pem -batch -subj '/OU=Wazuh/O=Wazuh/L=California/' -days 3650"
-
+ common_logger "Checking for an existing root certificate."
+
+ # Define expected file names
+ existing_ca_key="root-ca.key"
+ existing_ca_cert="root-ca.pem"
+
+ if [[ -f "./$existing_ca_key" && -f "./$existing_ca_cert" ]]; then
+ common_logger "Existing root certificate found. Copying to target paths."
+ cp "./$existing_ca_key" "${cert_tmp_path}/root-ca.key"
+ cp "./$existing_ca_cert" "${cert_tmp_path}/root-ca.pem"
+ else
+ common_logger "No existing root certificate found. Generating a new one."
+ cert_executeAndValidate "openssl req -x509 -new -nodes -newkey rsa:2048 -keyout ${cert_tmp_path}/root-ca.key -out ${cert_tmp_path}/root-ca.pem -batch -subj '/OU=Wazuh/O=Wazuh/L=California/' -days 3650"
+ fi
 }
 function cert_parseYaml() {
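Review bot: The existing-CA branch accepts whatever `./root-ca.key` and `./root-ca.pem` sit in the current working directory and copies them with bare `cp`, so a failed copy, a key that does not match the certificate, or an expired or non-CA certificate all pass silently, and the copied private key keeps whatever mode the source file had. Because this pair replaces the root CA that the else branch would otherwise generate, I would check that the two files belong together, run the copies through `cert_executeAndValidate` like the generation path (assuming it aborts on a non-zero exit, which this hunk does not show), and restrict the key's mode. Taking the pair implicitly from the working directory also means whoever can write there before the run chooses the root CA; an explicit opt-in path would be safer than auto-detection. `existing_ca_key` and `existing_ca_cert` should be declared `local` so they do not leak into the script's global scope.

```shell
    local existing_ca_key="root-ca.key"
    local existing_ca_cert="root-ca.pem"

    if [[ -f "./$existing_ca_key" && -f "./$existing_ca_cert" ]]; then
        # Refuse a key/certificate pair that does not belong together
        # (compares the public key derived from each file; expects an unencrypted key).
        if [[ "$(openssl x509 -in "./$existing_ca_cert" -noout -pubkey)" != "$(openssl pkey -in "./$existing_ca_key" -pubout)" ]]; then
            common_logger "Existing root-ca.key does not match root-ca.pem. Aborting."
            exit 1  # align with how the installer reports other certificate failures
        fi
        # Fail if the certificate is already expired.
        cert_executeAndValidate "openssl x509 -in ./${existing_ca_cert} -noout -checkend 0"
        common_logger "Existing root certificate found. Copying to target paths."
        cert_executeAndValidate "cp ./${existing_ca_key} ${cert_tmp_path}/root-ca.key"
        cert_executeAndValidate "chmod 600 ${cert_tmp_path}/root-ca.key"
        cert_executeAndValidate "cp ./${existing_ca_cert} ${cert_tmp_path}/root-ca.pem"
    else
        # … unchanged: log and generate a new root CA with openssl req …
    fi
```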