slightly more automated
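#!/bin/bash
#
# user-certificate.sh - create a user key and certificate for strongSwan and
# bundle them, together with the CA certificate, into a PKCS#12 file.
#
# Presumes the standard strongSwan directory layout under
# /etc/strongswan/ipsec.d/ (cacerts/, certs/, private/) and an existing CA at
# cacerts/strongswanCert.pem with its key at private/strongswanKey.pem.
#
# Prompts: a username (used only in output file names) and an email address
#          (used as the certificate CN and subjectAltName).
# Outputs: private/<user>Key.pem, certs/<user>Cert.pem, <user>.p12
#          Existing files with the same names are overwritten.

# Stop at the first failing step so a failed key generation or signing never
# gets packaged into a PKCS#12 bundle.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# NOTE(review): X.509 countryName is normally a two-letter ISO 3166 code;
# confirm that clients accept "AUS" before changing or relying on it.
readonly VPN_COUNTRY="AUS"
# shellcheck disable=SC2034  # not referenced in this script; kept as-is
readonly VPN_IP_ADDRESS="45.32.241.182"
readonly VPN_NAME="ROB-VPN-AUS"

echo "Entering strongswan config directory..."
cd /etc/strongswan/ipsec.d/ || die "cannot enter /etc/strongswan/ipsec.d/"

printf '%s' "Enter a username: "
read -r USR_NAME

# The username becomes part of file paths under private/ and certs/. An
# allow-list keeps it from containing "/" or "..", from starting with "-",
# and from word-splitting or globbing.
readonly username_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
[[ "$USR_NAME" =~ $username_re ]] \
  || die "invalid username: use letters, digits, '.', '_' or '-' only"

printf '%s' "Enter an email (identity): "
read -r IDENTITY

# The identity is interpolated into the --dn string, so characters such as
# "," "=" or "/" could add or alter DN components in a certificate signed by
# the CA. Accept a conservative character set only; extend it deliberately if
# other identity forms are needed.
readonly identity_re='^[A-Za-z0-9][A-Za-z0-9._@-]*$'
[[ "$IDENTITY" =~ $identity_re ]] \
  || die "invalid identity: use letters, digits, '.', '_', '-' or '@' only"

readonly key_file="private/${USR_NAME}Key.pem"
readonly cert_file="certs/${USR_NAME}Cert.pem"
readonly p12_file="${USR_NAME}.p12"

# Generate the private key under a restrictive umask so the file is never
# readable by other users, not even between creation and the chmod below.
# The chmod is kept because truncating an existing file keeps its old mode.
(
  umask 077
  strongswan pki --gen --type rsa --size 2048 \
    --outform pem \
    > "$key_file"
)
chmod 600 "$key_file"

# Derive the public key and have the CA issue a certificate valid 730 days.
strongswan pki --pub --in "$key_file" --type rsa \
  | strongswan pki --issue --lifetime 730 \
    --cacert cacerts/strongswanCert.pem \
    --cakey private/strongswanKey.pem \
    --dn "C=$VPN_COUNTRY, O=$VPN_NAME, CN=$IDENTITY" \
    --san "$IDENTITY" \
    --outform pem > "$cert_file"

echo "Exporting to a PKCS12 file..."

# The bundle contains the user's private key, so it is also created under a
# restrictive umask. openssl prompts for the export password interactively,
# which keeps the password out of the process argument list.
# The friendly-name spelling is unchanged from earlier versions of the script.
(
  umask 077
  openssl pkcs12 -export -inkey "$key_file" \
    -in "$cert_file" -name "${USR_NAME}'s Certifcate" \
    -certfile cacerts/strongswanCert.pem \
    -caname "$VPN_NAME" \
    -out "$p12_file"
)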