slightly more automated
[x509-shell-scripts] / server-certificate.sh
index e3c5995..0d79a0a 100755 (executable)
@@ -1,3 +1,13 @@
+#!/bin/bash
+
+# create host key signed by CA
+# presumes standard directory of strongswan 
+
+VPN_COUNTRY="AUS"
+VPN_IP_ADDRESS="45.32.241.182"
+VPN_NAME="ROB-VPN-AUS"
+
+echo "Entering strongswan config directory..."
 cd /etc/strongswan/ipsec.d/
 strongswan pki --gen --type rsa --size 2048 \
        --outform pem \
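Review bot: The new header adds no error handling, so if the `cd /etc/strongswan/ipsec.d/` after the added `echo` fails, the key generation below runs in whatever directory the script was started from, and the relative `private/` and `certs/` paths resolve there. Adding `set -euo pipefail` directly after the shebang, or changing that line to `cd /etc/strongswan/ipsec.d/ || exit 1`, would stop the run before any key material is written. Separately, `VPN_COUNTRY="AUS"` feeds the `C=` attribute of the DN, which X.509 defines as a two-letter ISO 3166 code, so `VPN_COUNTRY="AU"` is the safer value; strict certificate parsers may reject a three-letter country. The `strongswan pki --gen` command continues past the end of this hunk.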
@@ -7,7 +17,7 @@ strongswan pki --pub --in private/vpnHostKey.pem --type rsa | \
        strongswan pki --issue --lifetime 730 \
        --cacert cacerts/strongswanCert.pem \
        --cakey private/strongswanKey.pem \
-       --dn "C=JP, O=ROB-VPN-JP, CN=207.148.98.140" \
-       --san 207.148.98.140 \
+       --dn "C=$VPN_COUNTRY, O=$VPN_NAME, CN=$VPN_IP_ADDRESS" \
+       --san $VPN_IP_ADDRESS \
        --flag serverAuth --flag ikeIntermediate \
        --outform pem > certs/vpnHostCert.pem
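Review bot: `--san $VPN_IP_ADDRESS` is expanded unquoted, unlike the `--dn` argument on the line above; write `--san "$VPN_IP_ADDRESS"` so an empty or space-containing value cannot drop or split the argument. Because the output is redirected straight into `certs/vpnHostCert.pem`, a failure of either `pki` stage still leaves an empty or truncated file at that path. Without `pipefail`, a failure of the `--pub` stage is also not reflected in the pipeline's exit status. Consider issuing to a temporary file and moving it into place only when the pipeline succeeds. The pipeline begins above this hunk.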