slightly more automated
[x509-shell-scripts]
/
server-certificate.sh
diff --git
a/server-certificate.sh
b/server-certificate.sh
index
e3c5995
..
0d79a0a
100755
(executable)
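--- a/server-certificate.sh
+++ b/server-certificate.sh
@@ -1,3 +1,13 @@
+#!/bin/bash
+
+# create host key signed by CA
+# presumes standard directory of strongswan
+
+VPN_COUNTRY="AUS"
+VPN_IP_ADDRESS="45.32.241.182"
+VPN_NAME="ROB-VPN-AUS"
+
+echo "Entering strongswan config directory..."
 cd /etc/strongswan/ipsec.d/
 strongswan pki --gen --type rsa --size 2048 \
 --outform pem \
@@ -7,7 +17,7 @@ strongswan pki --pub --in private/vpnHostKey.pem --type rsa | \
 strongswan pki --issue --lifetime 730 \
 --cacert cacerts/strongswanCert.pem \
 --cakey private/strongswanKey.pem \
- --dn "C=JP, O=ROB-VPN-JP, CN=207.148.98.140" \
- --san 207.148.98.140 \
+ --dn "C=$VPN_COUNTRY, O=$VPN_NAME, CN=$VPN_IP_ADDRESS" \
+ --san $VPN_IP_ADDRESS \
 --flag serverAuth --flag ikeIntermediate \
 --outform pem > certs/vpnHostCert.pem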
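Review bot: The `cd /etc/strongswan/ipsec.d/` in the first hunk is still unchecked and the new preamble sets no strict mode, so a failed `cd` lets every relative path that follows (`private/vpnHostKey.pem`, `private/strongswanKey.pem`, `certs/vpnHostCert.pem`) resolve against the directory the script was started from. The host key is presumably written by the `--gen` command, whose redirect lies outside the hunk, so it could land in an unintended location with default permissions. I would add `set -euo pipefail` directly after the shebang and change the line to `cd /etc/strongswan/ipsec.d/ || exit 1`. With `pipefail` set, a failing `pki --pub` stage in the second hunk also stops the script instead of leaving an empty or partial `certs/vpnHostCert.pem` behind. Now that the SAN is a variable it should be quoted as `--san "$VPN_IP_ADDRESS" \`, so that an empty or space-containing value cannot silently shift the remaining arguments of `pki --issue`.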