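#!/bin/bash
#
# Create a self-signed strongSwan CA: a 4096-bit RSA private key plus a CA
# certificate with a lifetime of 3650 days.
# Presumes the standard strongSwan directory layout, i.e. that
# /etc/strongswan/ipsec.d/ contains the private/ and cacerts/ subdirectories.
#
# NOTE(review): private/strongswanKey.pem and cacerts/strongswanCert.pem are
# overwritten without confirmation. Re-running this script replaces the CA, so
# certificates issued by the previous CA key will no longer chain to it. Back
# up the existing files first if a CA is already in use.

# Stop at the first failing command. Without this, a failed key generation
# would still be followed by an attempt to self-sign from an empty/stale key.
set -euo pipefail

# NOTE(review): the X.509 countryName attribute is normally a two-letter
# ISO 3166 code; "AUS" is kept exactly as the author wrote it - confirm that
# the peers validating this CA accept it.
readonly VPN_COUNTRY="AUS"
readonly VPN_IP_ADDRESS="45.32.241.182"
readonly VPN_NAME="ROB-VPN-AUS"
readonly IPSEC_DIR="/etc/strongswan/ipsec.d/"

echo "Entering strongswan config directory..."
# The output paths below are relative: if the cd failed, the CA private key
# would be written relative to whatever directory the script was started in.
cd "$IPSEC_DIR" || {
  printf 'cannot cd to %s\n' "$IPSEC_DIR" >&2
  exit 1
}

# Generate the CA private key under a restrictive umask so a newly created key
# file is never readable by group/other, not even for the moment between
# creation and the chmod below. The subshell keeps the umask change from
# affecting the permissions of the (public) certificate written afterwards.
(
  umask 077
  strongswan pki --gen --type rsa --size 4096 --outform pem \
    > private/strongswanKey.pem
)
# Still needed: if the key file already existed, the redirect keeps its old mode.
chmod 600 private/strongswanKey.pem

# Self-sign the CA certificate with the key generated above.
strongswan pki --self --ca --lifetime 3650 \
  --in private/strongswanKey.pem --type rsa \
  --dn "C=$VPN_COUNTRY, O=$VPN_NAME, CN=$VPN_IP_ADDRESS" \
  --outform pem \
  > cacerts/strongswanCert.pem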