--- /dev/null
+cd /etc/strongswan/ipsec.d/
+strongswan pki --gen --type rsa --size 4096 --outform pem \
+ > private/strongswanKey.pem
+chmod 600 private/strongswanKey.pem
+strongswan pki --self --ca --lifetime 3650 \
+ --in private/strongswanKey.pem --type rsa \
+ --dn "C=JP, O=ROB-VPN-JP, CN=207.148.98.140" \
+ --outform pem \
+ > cacerts/strongswanCert.pem
--- /dev/null
+cd /etc/strongswan/ipsec.d/
+openssl pkcs12 -export -inkey private/RobKey.pem \
+ -in certs/RobCert.pem -name "Rob's Certifcate" \
+ -certfile cacerts/strongswanCert.pem \
+ -caname "207.148.98.140" \
+ -out Rob.p12
--- /dev/null
+$ cd /etc/ipsec.d/
+$ ipsec pki --signcrl --reason key-compromise \
+ --cacert cacerts/strongswanCert.pem \
+ --cakey private/strongswanKey.pem \
+ --cert certs/AlexanderCert.pem \
+ --outform pem > crls/crl.pem
--- /dev/null
+cd /etc/strongswan/ipsec.d/
+strongswan pki --gen --type rsa --size 2048 \
+ --outform pem \
+ > private/vpnHostKey.pem
+chmod 600 private/vpnHostKey.pem
+strongswan pki --pub --in private/vpnHostKey.pem --type rsa | \
+ strongswan pki --issue --lifetime 730 \
+ --cacert cacerts/strongswanCert.pem \
+ --cakey private/strongswanKey.pem \
+ --dn "C=JP, O=ROB-VPN-JP, CN=207.148.98.140" \
+ --san 207.148.98.140 \
+ --flag serverAuth --flag ikeIntermediate \
+ --outform pem > certs/vpnHostCert.pem
--- /dev/null
+cd /etc/strongswan/ipsec.d/
+strongswan pki --gen --type rsa --size 2048 \
+ --outform pem \
+ > private/RobKey.pem
+chmod 600 private/RobKey.pem
+strongswan pki --pub --in private/RobKey.pem --type rsa | \
+ strongswan pki --issue --lifetime 730 \
+ --cacert cacerts/strongswanCert.pem \
+ --cakey private/strongswanKey.pem \
+ --dn "C=JP, O=ROB-VPN-JP, CN=rakrens@gmail.com" \
+ --san rakrens@gmail.com \
+ --outform pem > certs/RobCert.pem
projects / x509-shell-scripts / commitdiff