From 43e9f0ef06471c389dc706d9ecbcb18a40d3c8b1 Mon Sep 17 00:00:00 2001
From: Rob
Date: Mon, 19 Mar 2018 02:26:58 +0800
Subject: [PATCH 1/1] basic shell scripts for to create certs
---
certification-authority.sh | 9 +++++++++
outputPKCS12.sh | 6 ++++++
revoke-certificate.sh_ | 6 ++++++
server-certificate.sh | 13 +++++++++++++
user-certificate.sh | 12 ++++++++++++
x509certificates-shellscripts.tar.gz | Bin 0 -> 738 bytes
6 files changed, 46 insertions(+)
create mode 100755 certification-authority.sh
create mode 100755 outputPKCS12.sh
create mode 100644 revoke-certificate.sh_
create mode 100755 server-certificate.sh
create mode 100755 user-certificate.sh
create mode 100644 x509certificates-shellscripts.tar.gz
diff --git a/certification-authority.sh b/certification-authority.sh
new file mode 100755
index 0000000..1b534f5
--- /dev/null
+++ b/certification-authority.sh
@@ -0,0 +1,9 @@
+cd /etc/strongswan/ipsec.d/
+strongswan pki --gen --type rsa --size 4096 --outform pem \
+ > private/strongswanKey.pem
+chmod 600 private/strongswanKey.pem
+strongswan pki --self --ca --lifetime 3650 \
+ --in private/strongswanKey.pem --type rsa \
+ --dn "C=JP, O=ROB-VPN-JP, CN=207.148.98.140" \
+ --outform pem \
+ > cacerts/strongswanCert.pem
diff --git a/outputPKCS12.sh b/outputPKCS12.sh
new file mode 100755
index 0000000..74a249b
--- /dev/null
+++ b/outputPKCS12.sh
@@ -0,0 +1,6 @@
+cd /etc/strongswan/ipsec.d/
+openssl pkcs12 -export -inkey private/RobKey.pem \
+ -in certs/RobCert.pem -name "Rob's Certifcate" \
+ -certfile cacerts/strongswanCert.pem \
+ -caname "207.148.98.140" \
+ -out Rob.p12
diff --git a/revoke-certificate.sh_ b/revoke-certificate.sh_
new file mode 100644
index 0000000..dda80ea
--- /dev/null
+++ b/revoke-certificate.sh_
@@ -0,0 +1,6 @@
+$ cd /etc/ipsec.d/
+$ ipsec pki --signcrl --reason key-compromise \
+ --cacert cacerts/strongswanCert.pem \
+ --cakey private/strongswanKey.pem \
+ --cert certs/AlexanderCert.pem \
+ --outform pem > crls/crl.pem
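Review bot: In certification-authority.sh the CA private key is created by the `>` redirect under the caller's umask and only tightened afterwards by `chmod 600 private/strongswanKey.pem`, so it can be readable by other local users for a moment. The `cd` is also unchecked, so if the directory is missing every later relative path resolves against the caller's working directory. server-certificate.sh and user-certificate.sh repeat both patterns, and outputPKCS12.sh shares the unchecked `cd`. I would open each script with `#!/bin/sh`, `set -eu`, `umask 077` and `cd /etc/strongswan/ipsec.d/ || exit 1`. Re-running this script silently truncates the existing CA key and orphans every certificate already issued, so a guard such as `[ ! -e private/strongswanKey.pem ] || exit 1` before `pki --gen` is worth adding.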
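Review bot: outputPKCS12.sh writes `Rob.p12`, which bundles the user's private key, straight into /etc/strongswan/ipsec.d/ without setting a umask, and nothing in the script says how the export password is chosen. The bundle's protection therefore depends on the caller's umask (and possibly the openssl version) and on whatever is typed at the interactive prompt. I would add `umask 077` before the `openssl pkcs12` call and a comment such as `# openssl prompts for an export password; never leave it empty, the bundle contains private/RobKey.pem`. The friendly name given to `-name` is misspelled (`Certifcate`), and the key, certificate and output names are hard-coded to one user.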
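Review bot: In revoke-certificate.sh_ the `pki --signcrl` call has no `--lastcrl` and redirects to `crls/crl.pem`, so each run replaces the CRL with one listing only the certificate named in that run, and earlier revocations are lost. Moving the current CRL aside and passing it back, e.g. `--lastcrl crls/crl.pem.old`, carries the previous entries forward. The file is also not runnable as committed, presumably on purpose given the `.sh_` suffix and mode 100644: the two command lines begin with a `$ ` prompt, and it uses `/etc/ipsec.d/` and `ipsec pki` where the other scripts use `/etc/strongswan/ipsec.d/` and `strongswan pki`. A header comment stating that it is a template, and that `certs/AlexanderCert.pem` must be replaced with the certificate to revoke, would make that explicit.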
diff --git a/server-certificate.sh b/server-certificate.sh
new file mode 100755
index 0000000..e3c5995
--- /dev/null
+++ b/server-certificate.sh
@@ -0,0 +1,13 @@
+cd /etc/strongswan/ipsec.d/
+strongswan pki --gen --type rsa --size 2048 \
+ --outform pem \
+ > private/vpnHostKey.pem
+chmod 600 private/vpnHostKey.pem
+strongswan pki --pub --in private/vpnHostKey.pem --type rsa | \
+ strongswan pki --issue --lifetime 730 \
+ --cacert cacerts/strongswanCert.pem \
+ --cakey private/strongswanKey.pem \
+ --dn "C=JP, O=ROB-VPN-JP, CN=207.148.98.140" \
+ --san 207.148.98.140 \
+ --flag serverAuth --flag ikeIntermediate \
+ --outform pem > certs/vpnHostCert.pem
diff --git a/user-certificate.sh b/user-certificate.sh
new file mode 100755
index 0000000..ad489b7
--- /dev/null
+++ b/user-certificate.sh
@@ -0,0 +1,12 @@
+cd /etc/strongswan/ipsec.d/
+strongswan pki --gen --type rsa --size 2048 \
+ --outform pem \
+ > private/RobKey.pem
+chmod 600 private/RobKey.pem
+strongswan pki --pub --in private/RobKey.pem --type rsa | \
+ strongswan pki --issue --lifetime 730 \
+ --cacert cacerts/strongswanCert.pem \
+ --cakey private/strongswanKey.pem \
+ --dn "C=JP, O=ROB-VPN-JP, CN=rakrens@gmail.com" \
+ --san rakrens@gmail.com \
+ --outform pem > certs/RobCert.pem
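Review bot: server-certificate.sh issues the host certificate with the same `--dn` string that certification-authority.sh gives the CA, so the host certificate's subject is identical to its issuer. Some validators treat subject == issuer as a self-issued certificate, which can confuse chain building on clients. Giving the CA its own subject in certification-authority.sh (constructed example: `CN=ROB-VPN-JP Root CA`) and keeping the address only in the host certificate's CN and `--san` avoids the collision. Separately, the `pki --pub | pki --issue` pipeline reports only the exit status of the last command under plain sh, so a failure to read `private/vpnHostKey.pem` is not reflected in the script's exit code.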
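Review bot: user-certificate.sh generates the user's private key in the same directory that holds `private/strongswanKey.pem`, so the CA key and every user key sit together on one host. If that host is the VPN gateway itself, as the address in the server certificate suggests, a compromise of the gateway exposes the whole PKI. A safer flow is to create the key on the user's device with `pki --req` and sign the request here with `pki --issue --type pkcs10`, keeping the CA key on a separate machine. At minimum, a header comment should state that the CA key must not remain on the gateway. The key and certificate file names and the identity in `--dn`/`--san` are hard-coded to one user, so they would be better taken from `"$1"` and `"$2"`, with a refusal to overwrite an existing `private/<name>Key.pem`.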
diff --git a/x509certificates-shellscripts.tar.gz b/x509certificates-shellscripts.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..3e8e8fa462940aa58e91fc2a12c38fa478531d20 GIT binary patch literal 738 zcmV<80v-JyiwFR;S*=89=uV<&}$9I>2GJL`lX1Ej%E6j~l+$>yu)9XwW z6%Phgi+bGBf$#Ucz#sT=&TfgLfZE zuK1i8Xt_Rvg^SY%$xSB5B%*YS&C22$(g`+6xo*lQV0Z>3hz7J=&2hNc?5w@%%6Kfu z;b{2n@&maTUR`{4eq5eA<=yCf=+oHs!ejU37#n(6+pj!Z!V&~Wx0V{=eYNqIexuJ5 zK3QIv%d^pU&+ioamUi(U_`yB@VH_g=e&A8d|30*hf0={OIz|2x?fJxk+gvI`5VaXB z?rFP{*9~SRE68Du297sO5JxbC^$>^NYci@r4n`cP=_<`9JcTV#)po4*vW`&v8x!>I z=AQq?0DNI7n9CVd@1RZt08fEm-L6qG9);m%{=K;7zx)J)GX7IPw*2oyN2ECc?y)~2 zRksPdd@2%^Vow3nQV?X{No1BQnQ;wue5}dc1u&Ym502F^T^m)NDnF+w+%ho+wd|%H zjWHCfRQK`n27~V_kOnme^@#tD*Vq;R<1lLY55l0#|AW}Z|NW?g{NJbH@rE?HL4BT! zFH)P$`Trw>m6h}2nk?n`%U@{k>TkL9iUY270qx2m4ruph*K_L%jr&`ksK+NMo01yM zQ!L5J-3Xt-S7AV9Fy^?6wWneA5O=@M6Kaw||8M$t^B+aD$^ZS>E8~BFb)DsZAKDN9 z4>iIX_FI#?xo=e)ub+9vW(rHFPt%O?)WxK!h5gFhW|~`-ludA~tgNi8tgNi8tgNi8 UtgNi8tgN1_e`Uabr2r@Z0QYl!=Kufz literal 0 HcmV?d00001 -- 2.7.4