From 999de1a4fcdeab220818193d2e496a06fe32d695 Mon Sep 17 00:00:00 2001
From: Evgeny Zinoviev
Date: Sun, 14 Jan 2024 08:25:40 +0300
Subject: initial
---
client-cert.sh | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
create-ca.sh | 5 +++++
2 files changed, 67 insertions(+)
create mode 100755 client-cert.sh
create mode 100755 create-ca.sh
diff --git a/client-cert.sh b/client-cert.sh
new file mode 100755
index 0000000..fe493c0
--- /dev/null
+++ b/client-cert.sh
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+RST=$(tput sgr0)
+RED=$(tput setaf 1)
+GREEN=$(tput setaf 2)
+YELLOW=$(tput setaf 3)
+BOLD=$(tput bold)
+
+set -e
+
+usage() {
+ >&2 echo "usage: $0 client_name"
+ exit 1
+}
+
+echoinfo() {
+ echo "${CYAN}$@${RST}"
+}
+
+echoerr() {
+ echo "${RED}${BOLD}error:${RST}${RED} $@${RST}"
+}
+
+askpass() {
+ prompt="$1"
+ passvar="$2"
+
+ while true; do
+ echo -n "$prompt "
+ read -s $passvar
+
+ if [ ${#password} -ge 4 ]; then
+ echo
+ break
+ else
+ echoerr "Password must be at least 4 characters long."
+ fi
+ done
+}
+
+dir=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd -P)
+email="admin@example.org"
+orgname="org_name"
+common_name="example.org"
+
+client_name="$1"
+[ $# -lt 1 ] && usage
+
+askpass "Enter your key password:" password
+askpass "Enter your export password:" exportpassword
+
+openssl genrsa -des3 -out $client_name.key -passout pass:$password 4096
+openssl req -new -key $client_name.key -out $client_name.csr -passin pass:$password \
+ -subj "/C=RU/ST=MOSCOW/L=/O=$orgname/OU=/CN=$common_name/emailAddress=$email"
+
+echo "${YELLOW}Now you will be asked for CA private key password.${RST}"
+openssl x509 -req -days 1825 -in "$client_name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -set_serial 01 -out "$client_name.crt"
+
+openssl pkcs12 -export -clcerts -in $client_name.crt -inkey $client_name.key -out $client_name.p12 \
+ -passin pass:$password -passout pass:$exportpassword
+
+echo "${GREEN}Done! Your certificate is saved to ${BOLD}$client_name.p12${RST}"
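Review bot: The key and export passwords are handed to openssl as `pass:$password` and `pass:$exportpassword` in the genrsa, req and pkcs12 calls, so they sit in argv and can be read from the process list by other local users while openssl runs; exporting the two variables and using the `env:` source keeps them off the command line. In `askpass` the length test reads `${#password}` whatever name is in `$passvar`, so once the key password is set any export password, even an empty one, is accepted; reading into one fixed variable that the caller then copies would make the check apply to both, and `read -s` / `echo -n` are not guaranteed by the `#!/bin/sh` this file declares. `-set_serial 01` gives every certificate issued by this CA the same serial number, which makes revoking a single client by serial unworkable, and `-CAcreateserial` avoids that. `$client_name` is unquoted in the genrsa, req and pkcs12 lines, and `${CYAN}` used by `echoinfo` is never assigned. The fence below shows the openssl calls with those changes.

```shell
# … unchanged: colour setup, helpers, settings, argument check, askpass calls …

# openssl's env: source reads the value from its own environment, so export both
export password exportpassword

openssl genrsa -des3 -out "$client_name.key" -passout env:password 4096
openssl req -new -key "$client_name.key" -out "$client_name.csr" -passin env:password \
  -subj "/C=RU/ST=MOSCOW/L=/O=$orgname/OU=/CN=$common_name/emailAddress=$email"

# … unchanged: CA password notice …
openssl x509 -req -days 1825 -in "$client_name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
  -CAcreateserial -out "$client_name.crt"

openssl pkcs12 -export -clcerts -in "$client_name.crt" -inkey "$client_name.key" \
  -out "$client_name.p12" -passin env:password -passout env:exportpassword

# … unchanged: final message …
```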
diff --git a/create-ca.sh b/create-ca.sh
new file mode 100755
index 0000000..6ff0b37
--- /dev/null
+++ b/create-ca.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+openssl genrsa -des3 -out ca.key 4096
+openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
+
-- cgit v1.2.3
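Review bot: Nothing stops a second run from overwriting an existing `ca.key` and `ca.crt`, which would orphan every client certificate already issued; a guard such as `[ -e ca.key ] && { echo "ca.key already exists" >&2; exit 1; }` before the genrsa line prevents that. The files are written to the current directory while client-cert.sh looks for `$dir/ca.key` next to the script, so running this from elsewhere leaves the CA where the other script will not find it; a `cd` to the script directory first would keep the two consistent. There is also no `set -e`, so the req line still runs when genrsa fails.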