slightly more automated
[x509-shell-scripts] / server-certificate.sh
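#!/bin/bash
#
# Create the VPN host key and a host certificate signed by the local CA.
# Presumes the standard strongswan directory layout under
# /etc/strongswan/ipsec.d (private/, cacerts/, certs/).
#
# Optional environment overrides (defaults are the original hard-coded values):
#   VPN_COUNTRY, VPN_IP_ADDRESS, VPN_NAME
#
# NOTE(review): the CA private key (private/strongswanKey.pem) is read from the
# same host that runs the VPN gateway, so a gateway compromise also exposes the
# CA. Consider issuing on a separate machine and copying only the host key and
# certificate here.

# Stop on the first failing command, unset variable or failed pipeline stage,
# so a failed "pki --pub" cannot leave an empty certificate behind.
set -euo pipefail

# NOTE(review): X.520 countryName is a two-letter ISO 3166 code; the default
# "AUS" has three letters. Kept as in the original; confirm validators accept it.
VPN_COUNTRY="${VPN_COUNTRY:-AUS}"
VPN_IP_ADDRESS="${VPN_IP_ADDRESS:-45.32.241.182}"
VPN_NAME="${VPN_NAME:-ROB-VPN-AUS}"

readonly IPSEC_DIR=/etc/strongswan/ipsec.d

echo "Entering strongswan config directory..."
# Without this check a failed cd would write key material relative to
# whatever directory the script was started from.
cd "$IPSEC_DIR" || {
  printf 'cannot cd to %s\n' "$IPSEC_DIR" >&2
  exit 1
}

# Build both files under temporary names first. mktemp creates them with
# mode 0600, so the private key is never readable by other users (the
# original created it under the caller's umask and tightened it afterwards),
# and a failure part-way leaves the existing key/certificate pair untouched.
key_tmp=$(mktemp private/vpnHostKey.pem.XXXXXX)
cert_tmp=$(mktemp certs/vpnHostCert.pem.XXXXXX)
trap 'rm -f -- "$key_tmp" "$cert_tmp"' EXIT

strongswan pki --gen --type rsa --size 2048 \
  --outform pem \
  > "$key_tmp"
chmod 600 "$key_tmp"

# Derive the public key and have the CA issue a two-year server certificate.
# The IP address is quoted so an overridden value cannot be word-split.
strongswan pki --pub --in "$key_tmp" --type rsa \
  | strongswan pki --issue --lifetime 730 \
    --cacert cacerts/strongswanCert.pem \
    --cakey private/strongswanKey.pem \
    --dn "C=$VPN_COUNTRY, O=$VPN_NAME, CN=$VPN_IP_ADDRESS" \
    --san "$VPN_IP_ADDRESS" \
    --flag serverAuth --flag ikeIntermediate \
    --outform pem > "$cert_tmp"
# The certificate is public data; give it the usual world-readable mode
# instead of mktemp's 0600.
chmod 644 "$cert_tmp"

# Both artefacts exist and are complete: move them into place.
# This replaces any previous host key and certificate.
mv -f -- "$cert_tmp" certs/vpnHostCert.pem
mv -f -- "$key_tmp" private/vpnHostKey.pem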