authorEvgeny Zinoviev <me@ch1p.io>2024-01-14 08:25:40 +0300
committerEvgeny Zinoviev <me@ch1p.io>2024-01-14 08:25:40 +0300
commit999de1a4fcdeab220818193d2e496a06fe32d695 (patch)
tree5e2def9c10e6e206c40bb7ce39eba98ad99567dd /client-cert.sh
initialHEADmaster
Diffstat (limited to 'client-cert.sh')
-rwxr-xr-xclient-cert.sh62
1 files changed, 62 insertions, 0 deletions
diff --git a/client-cert.sh b/client-cert.sh
new file mode 100755
index 0000000..fe493c0
--- /dev/null
+++ b/client-cert.sh
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+RST=$(tput sgr0)
+RED=$(tput setaf 1)
+GREEN=$(tput setaf 2)
+YELLOW=$(tput setaf 3)
+BOLD=$(tput bold)
+
+set -e
+
+usage() {
+ >&2 echo "usage: $0 client_name"
+ exit 1
+}
+
+echoinfo() {
+ echo "${CYAN}$@${RST}"
+}
+
+echoerr() {
+ echo "${RED}${BOLD}error:${RST}${RED} $@${RST}"
+}
+
+askpass() {
+ prompt="$1"
+ passvar="$2"
+
+ while true; do
+ echo -n "$prompt "
+ read -s $passvar
+
+ if [ ${#password} -ge 4 ]; then
+ echo
+ break
+ else
+ echoerr "Password must be at least 4 characters long."
+ fi
+ done
+}
+
+dir=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd -P)
+email="admin@example.org"
+orgname="org_name"
+common_name="example.org"
+
+client_name="$1"
+[ $# -lt 1 ] && usage
+
+askpass "Enter your key password:" password
+askpass "Enter your export password:" exportpassword
+
+openssl genrsa -des3 -out $client_name.key -passout pass:$password 4096
+openssl req -new -key $client_name.key -out $client_name.csr -passin pass:$password \
+ -subj "/C=RU/ST=MOSCOW/L=/O=$orgname/OU=/CN=$common_name/emailAddress=$email"
+
+echo "${YELLOW}Now you will be asked for CA private key password.${RST}"
+openssl x509 -req -days 1825 -in "$client_name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -set_serial 01 -out "$client_name.crt"
+
+openssl pkcs12 -export -clcerts -in $client_name.crt -inkey $client_name.key -out $client_name.p12 \
+ -passin pass:$password -passout pass:$exportpassword
+
+echo "${GREEN}Done! Your certificate is saved to ${BOLD}$client_name.p12${RST}"
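Review bot: The `openssl genrsa`, `req` and `pkcs12` calls pass both passphrases as `pass:$password` / `pass:$exportpassword`, which puts them on the command line where other local users can read them from the process list, and because the expansions are unquoted a passphrase containing whitespace or glob characters is split into several arguments. Exporting the two variables and using `env:password` / `env:exportpassword` keeps them out of argv, as in the excerpt below; the environment is still readable by the same user and by root. Separately, `askpass` always tests `${#password}` rather than the variable named by `$passvar`, so on the second call any export password, including an empty one, is accepted; the check should test the value that was just read. `-set_serial 01` gives every certificate this CA signs the same serial number, which makes revocation by serial ambiguous, whereas `-CAcreateserial` lets OpenSSL allocate and track one per certificate. `read -s` and `echo -n` are not POSIX, so under `#!/bin/sh` on a shell such as dash the prompt may fail or echo the passphrase.

```shell
# … unchanged: askpass calls …
export password exportpassword

openssl genrsa -des3 -out "$client_name.key" -passout env:password 4096
openssl req -new -key "$client_name.key" -out "$client_name.csr" -passin env:password \
  -subj "/C=RU/ST=MOSCOW/L=/O=$orgname/OU=/CN=$common_name/emailAddress=$email"

# … unchanged: CA password notice …
openssl x509 -req -days 1825 -in "$client_name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
  -CAcreateserial -out "$client_name.crt"

openssl pkcs12 -export -clcerts -in "$client_name.crt" -inkey "$client_name.key" \
  -out "$client_name.p12" -passin env:password -passout env:exportpassword
```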