From: Rob <robin@robinkrens.nl>
Date: Wed, 21 Mar 2018 16:20:38 +0000 (+0800)
Subject: slightly more automated
X-Git-Url: https://robinkrens.nl/gitweb/?a=commitdiff_plain;h=HEAD;p=x509-shell-scripts

slightly more automated
---

diff --git a/certification-authority.sh b/certification-authority.sh
index 1b534f5..9bf1ce6 100755
--- a/certification-authority.sh
+++ b/certification-authority.sh
@@ -1,9 +1,25 @@
+#!/bin/bash
+
+# create self-signed CA certificate
+# presumes standard directory of strongswan 
+
+#S_I="ipsec"
+
+#echo "question (read variable)"
+#read S_I
+
+VPN_COUNTRY="AUS"
+VPN_IP_ADDRESS="45.32.241.182"
+VPN_NAME="ROB-VPN-AUS"
+
+
+echo "Entering strongswan config directory..."
 cd /etc/strongswan/ipsec.d/
 strongswan pki --gen --type rsa --size 4096 --outform pem \
 	> private/strongswanKey.pem
 chmod 600 private/strongswanKey.pem
 strongswan pki --self --ca --lifetime 3650 \
 	--in private/strongswanKey.pem --type rsa \
-	--dn "C=JP, O=ROB-VPN-JP, CN=207.148.98.140" \
+	--dn "C=$VPN_COUNTRY, O=$VPN_NAME, CN=$VPN_IP_ADDRESS" \
 	--outform pem \
 	> cacerts/strongswanCert.pem
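Review bot: `VPN_COUNTRY="AUS"` puts a three-letter value into the `C=` RDN, but the X.509 countryName attribute is a two-letter ISO 3166 code, so strict validators may reject the CA certificate. `VPN_COUNTRY="AU"` is the expected form, and the same assignment appears in server-certificate.sh and user-certificate.sh. Separately, the new header adds a shebang but no error handling. If `cd /etc/strongswan/ipsec.d/` fails, the key is written relative to the caller's directory, and a re-run truncates the existing `private/strongswanKey.pem` through the `>` redirect, which orphans every certificate already issued. Adding `set -euo pipefail` under the shebang and a guard such as `[ -e private/strongswanKey.pem ] && exit 1` before key generation would cover both cases.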
diff --git a/outputPKCS12.sh b/outputPKCS12.sh
deleted file mode 100755
index 74a249b..0000000
--- a/outputPKCS12.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-cd /etc/strongswan/ipsec.d/
-openssl pkcs12 -export -inkey private/RobKey.pem \
-	-in certs/RobCert.pem -name "Rob's Certifcate" \
-	-certfile cacerts/strongswanCert.pem \
-	-caname "207.148.98.140" \
-	-out Rob.p12
diff --git a/server-certificate.sh b/server-certificate.sh
index e3c5995..0d79a0a 100755
--- a/server-certificate.sh
+++ b/server-certificate.sh
@@ -1,3 +1,13 @@
+#!/bin/bash
+
+# create host key signed by CA
+# presumes standard directory of strongswan 
+
+VPN_COUNTRY="AUS"
+VPN_IP_ADDRESS="45.32.241.182"
+VPN_NAME="ROB-VPN-AUS"
+
+echo "Entering strongswan config directory..."
 cd /etc/strongswan/ipsec.d/
 strongswan pki --gen --type rsa --size 2048 \
 	--outform pem \
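Review bot: The `VPN_COUNTRY`/`VPN_IP_ADDRESS`/`VPN_NAME` block added here is a verbatim copy of the one in certification-authority.sh and user-certificate.sh, so moving the VPN to another address means editing three files. If one is missed, the host certificate's CN and SAN no longer match the server that clients connect to. Keeping the three values in one file that each script sources, for example `. "$(dirname "$0")/vpn-settings.sh"` (file name illustrative), would remove that drift. The `strongswan pki --gen` command at the end of this hunk continues outside it.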
@@ -7,7 +17,7 @@ strongswan pki --pub --in private/vpnHostKey.pem --type rsa | \
 	strongswan pki --issue --lifetime 730 \
 	--cacert cacerts/strongswanCert.pem \
 	--cakey private/strongswanKey.pem \
-	--dn "C=JP, O=ROB-VPN-JP, CN=207.148.98.140" \
-	--san 207.148.98.140 \
+	--dn "C=$VPN_COUNTRY, O=$VPN_NAME, CN=$VPN_IP_ADDRESS" \
+	--san $VPN_IP_ADDRESS \
 	--flag serverAuth --flag ikeIntermediate \
 	--outform pem > certs/vpnHostCert.pem
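Review bot: `--san $VPN_IP_ADDRESS` is expanded unquoted, so the value is subject to word splitting and globbing before `pki` sees it; `--san "$VPN_IP_ADDRESS"` keeps it a single argument whatever the variable later holds. The same unquoted style is used in user-certificate.sh (`--san $IDENTITY`, `-out $USR_NAME.p12`), where the values come from `read` rather than a constant. The pipeline this option belongs to starts above the hunk.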
diff --git a/user-certificate.sh b/user-certificate.sh
index ad489b7..57d3fd8 100755
--- a/user-certificate.sh
+++ b/user-certificate.sh
@@ -1,12 +1,37 @@
+#!/bin/bash
+
+# create user key
+# presumes standard directory of strongswan 
+
+VPN_COUNTRY="AUS"
+VPN_IP_ADDRESS="45.32.241.182"
+VPN_NAME="ROB-VPN-AUS"
+
+echo "Entering strongswan config directory..."
 cd /etc/strongswan/ipsec.d/
+
+echo -n "Enter a username: "
+read USR_NAME
+
+echo -n "Enter an email (identity): "
+read IDENTITY
+
 strongswan pki --gen --type rsa --size 2048 \
 	--outform pem \
-	> private/RobKey.pem
-chmod 600 private/RobKey.pem
-strongswan pki --pub --in private/RobKey.pem --type rsa | \
+	> private/${USR_NAME}Key.pem
+chmod 600 private/${USR_NAME}Key.pem
+strongswan pki --pub --in private/${USR_NAME}Key.pem --type rsa | \
 	strongswan pki --issue --lifetime 730 \
 	--cacert cacerts/strongswanCert.pem \
 	--cakey private/strongswanKey.pem \
-	--dn "C=JP, O=ROB-VPN-JP, CN=rakrens@gmail.com" \
-	--san rakrens@gmail.com \
-	--outform pem > certs/RobCert.pem
+	--dn "C=$VPN_COUNTRY, O=$VPN_NAME, CN=$IDENTITY" \
+	--san $IDENTITY \
+	--outform pem > certs/${USR_NAME}Cert.pem
+
+echo "Exporting to a PKCS12 file..."
+
+openssl pkcs12 -export -inkey private/${USR_NAME}Key.pem \
+	-in certs/${USR_NAME}Cert.pem -name "${USR_NAME}'s Certifcate" \
+	-certfile cacerts/strongswanCert.pem \
+	-caname "$VPN_NAME" \
+	-out $USR_NAME.p12
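Review bot: `USR_NAME` and `IDENTITY` go from `read` straight into file paths and into the `--dn`/`--san` arguments with no validation. A name containing `/` or `..` writes the key outside `private/`, an empty name produces `private/Key.pem`, an existing name silently overwrites that user's key, and a comma in the identity adds extra RDNs to the subject DN. Because this script signs with the CA key, both values should be restricted to a known-safe character set before the first redirect, and `read -r` used so backslashes are not interpreted. The `.p12` bundle also contains the private key but is never `chmod`-ed in this hunk and is created with the default umask, so it is protected only by whatever export password is typed. Setting `umask 077` near the top would cover both the bundle and the window before `chmod 600` on the key file.

```shell
umask 077

read -r -p "Enter a username: " USR_NAME
if [[ ! "$USR_NAME" =~ ^[A-Za-z0-9][A-Za-z0-9_-]*$ ]]; then
	echo "invalid username" >&2
	exit 1
fi
if [[ -e "private/${USR_NAME}Key.pem" ]]; then
	echo "key for ${USR_NAME} already exists" >&2
	exit 1
fi

read -r -p "Enter an email (identity): " IDENTITY
if [[ ! "$IDENTITY" =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$ ]]; then
	echo "invalid identity" >&2
	exit 1
fi

# … unchanged: pki --gen / --pub / --issue pipeline and openssl pkcs12 export …
```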