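#!/bin/bash
#
# Issue a password-protected client certificate signed by a local CA and
# bundle it as a PKCS#12 file for import into a browser.
#
# Arguments (all five are required):
#   $1  CA section name   - directory name under /etc/ssl
#   $2  username          - file stem and the subject's emailAddress
#   $3  first + last name - the subject's CN
#   $4  certificate password - protects the client key and the .p12
#   $5  CA password       - unlocks the CA private key for signing
#
# Files under /etc/ssl/<CA section name>:
#   private/ca.key               CA private key (read)
#   certs/ca.crt                 CA certificate (read)
#   serial                       CA serial file (created if missing)
#   certs/users/<username>.key   encrypted client key (written)
#   certs/users/<username>.csr   signing request (written)
#   certs/users/<username>.crt   signed client certificate (written)
#   certs/users/<username>.p12   key + certificate bundle (written)
#
# NOTE(review): both passwords arrive as positional arguments, so they are
# exposed in this script's own command line and in shell history. The
# interface is kept for existing callers; below they are handed to openssl
# through the environment (env:VAR) so they are at least not repeated on
# every openssl command line.

# Stop at the first failing step instead of reporting a .p12 that was never
# produced; treat unset variables as errors.
set -euo pipefail

# Print the calling convention on stderr and exit with status 1.
# The example uses placeholders for both passwords so that no credential is
# embedded in the script text.
function usage () {
  echo "$0 [CA section name] [username] [first name last name] [certificate password] [CA password]" >&2
  echo "example: $0 bncpstest karel.jelinek@unicornsystems.eu \"Karel Jelinek\" '<certificate password>' '<CA password>'" >&2
  exit 1
}

# Print an error message on stderr and exit with status 1.
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

if [ $# -ne 5 ]; then
  usage
fi

CA_NAME="$1"
USERNAME="$2"
NAME="$3"
CERT_PASS="$4"
CA_PASS="$5"

# CA_NAME and USERNAME become path components: refuse anything that could
# leave /etc/ssl/<CA>/certs/users or name a directory instead of a file.
case "$CA_NAME" in
  '' | . | .. | */*) die "invalid CA section name: $CA_NAME" ;;
esac
case "$USERNAME" in
  '' | . | .. | */*) die "invalid username: $USERNAME" ;;
esac
# '/' separates attributes in -subj, so a '/' inside the name would add
# extra subject fields to the request that the CA then signs.
case "$NAME" in
  */*) die "name must not contain '/': $NAME" ;;
esac

SSL_DIR="/etc/ssl"
SSL_PRIVATE_DIR="$SSL_DIR/${CA_NAME}/private"
SSL_CERTS_DIR="$SSL_DIR/${CA_NAME}/certs"
USERS_DIR="${SSL_CERTS_DIR}/users"

key_file="${USERS_DIR}/${USERNAME}.key"
csr_file="${USERS_DIR}/${USERNAME}.csr"
crt_file="${USERS_DIR}/${USERNAME}.crt"
p12_file="${USERS_DIR}/${USERNAME}.p12"

# Check the CA material up front so a typo in the CA name does not leave a
# freshly generated, unsigned key behind.
[ -r "$SSL_CERTS_DIR/ca.crt" ] || die "CA certificate not readable: $SSL_CERTS_DIR/ca.crt"
[ -r "$SSL_PRIVATE_DIR/ca.key" ] || die "CA key not readable: $SSL_PRIVATE_DIR/ca.key"

mkdir -p -- "${USERS_DIR}"

# Create the client key and CSR.
# 2048-bit RSA with AES-256 key encryption replaces 1024-bit RSA with 3DES.
# The subshell confines the restrictive umask to the private-key file; chmod
# covers the case where the file already existed with wider permissions.
(
  umask 077
  CERT_PASS="$CERT_PASS" openssl genrsa -aes256 \
    -out "$key_file" -passout env:CERT_PASS 2048
  chmod 600 -- "$key_file"
)

CERT_PASS="$CERT_PASS" openssl req \
  -new -sha256 \
  -key "$key_file" \
  -out "$csr_file" \
  -subj "/C=EU/ST=Czech Republic/L=Prague/O=Unicorn Systems/CN=${NAME}/emailAddress=${USERNAME}" \
  -passout env:CERT_PASS \
  -passin env:CERT_PASS

# Sign the client certificate with the CA certificate and key.
# Validity is 1825 days (about five years); -sha256 pins the signature digest
# instead of relying on the installed openssl's default.
CA_PASS="$CA_PASS" openssl x509 -req -sha256 -days 1825 \
  -in "$csr_file" \
  -CA "$SSL_CERTS_DIR/ca.crt" \
  -CAkey "$SSL_PRIVATE_DIR/ca.key" \
  -CAserial "$SSL_DIR/${CA_NAME}/serial" -CAcreateserial \
  -out "$crt_file" \
  -passin env:CA_PASS

echo "making p12 file"
# Browsers need a PKCS#12 bundle (client key and certificate together), so
# the .p12 is as sensitive as the key and gets the same file permissions.
(
  umask 077
  CERT_PASS="$CERT_PASS" openssl pkcs12 -export -clcerts \
    -in "$crt_file" -inkey "$key_file" -out "$p12_file" \
    -passin env:CERT_PASS -passout env:CERT_PASS
  chmod 600 -- "$p12_file"
)
echo "made ${p12_file}"

# The serial number is what a later revocation of this certificate refers to.
echo "Certificate serial number:"
openssl x509 -in "$crt_file" -serial -noout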