From: Rob
Date: Sun, 18 Mar 2018 18:26:58 +0000 (+0800)
Subject: basic shell scripts for to create certs
X-Git-Url: https://robinkrens.nl/gitweb/?p=x509-shell-scripts;a=commitdiff_plain;h=43e9f0ef06471c389dc706d9ecbcb18a40d3c8b1
basic shell scripts for to create certs
---
43e9f0ef06471c389dc706d9ecbcb18a40d3c8b1
diff --git a/certification-authority.sh b/certification-authority.sh
new file mode 100755
index 0000000..1b534f5
--- /dev/null
+++ b/certification-authority.sh
@@ -0,0 +1,9 @@
+cd /etc/strongswan/ipsec.d/
+strongswan pki --gen --type rsa --size 4096 --outform pem \
+ > private/strongswanKey.pem
+chmod 600 private/strongswanKey.pem
+strongswan pki --self --ca --lifetime 3650 \
+ --in private/strongswanKey.pem --type rsa \
+ --dn "C=JP, O=ROB-VPN-JP, CN=207.148.98.140" \
+ --outform pem \
+ > cacerts/strongswanCert.pem
diff --git a/outputPKCS12.sh b/outputPKCS12.sh
new file mode 100755
index 0000000..74a249b
--- /dev/null
+++ b/outputPKCS12.sh
@@ -0,0 +1,6 @@
+cd /etc/strongswan/ipsec.d/
+openssl pkcs12 -export -inkey private/RobKey.pem \
+ -in certs/RobCert.pem -name "Rob's Certifcate" \
+ -certfile cacerts/strongswanCert.pem \
+ -caname "207.148.98.140" \
+ -out Rob.p12
diff --git a/revoke-certificate.sh_ b/revoke-certificate.sh_
new file mode 100644
index 0000000..dda80ea
--- /dev/null
+++ b/revoke-certificate.sh_
@@ -0,0 +1,6 @@
+$ cd /etc/ipsec.d/
+$ ipsec pki --signcrl --reason key-compromise \
+ --cacert cacerts/strongswanCert.pem \
+ --cakey private/strongswanKey.pem \
+ --cert certs/AlexanderCert.pem \
+ --outform pem > crls/crl.pem
diff --git a/server-certificate.sh b/server-certificate.sh
new file mode 100755
index 0000000..e3c5995
--- /dev/null
+++ b/server-certificate.sh
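Review bot: The CA private key in certification-authority.sh is created by the `> private/strongswanKey.pem` redirect under the caller's umask and only restricted by the `chmod 600` on the following line, so with a common 022 umask it is briefly readable by other local users (unless `private/` itself is locked down), and stays that way if the script is interrupted in between. Putting `umask 077` before the first `strongswan pki --gen` closes that window; the same redirect-then-chmod pattern appears in server-certificate.sh and user-certificate.sh. The `cd /etc/strongswan/ipsec.d/` is also unchecked, so a failed cd writes the key relative to whatever directory the script was started from; `cd /etc/strongswan/ipsec.d/ || exit 1` is worth using in each script.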
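Review bot: `Rob.p12` in outputPKCS12.sh bundles the user's private key but is written into /etc/strongswan/ipsec.d/ with default permissions and is never restricted or removed, unlike the PEM keys that the other scripts `chmod 600`. Running under `umask 077` (or adding `chmod 600 Rob.p12` right after the export) and deleting the bundle once it has been handed over keeps a second copy of the key from lingering on the server. Because no `-passout` is given the export password is prompted for, which keeps it out of the process list, but an empty passphrase at that prompt leaves the key in the bundle unprotected. The friendly name `"Rob's Certifcate"` is misspelled and will appear that way in the client's certificate store.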
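Review bot: The `--signcrl` call in revoke-certificate.sh_ builds a fresh CRL containing only `certs/AlexanderCert.pem` and redirects it over `crls/crl.pem`, so every earlier revocation is dropped from the list the next time a certificate is revoked this way. Carrying previous entries forward needs `--lastcrl crls/crl.pem`, with the output going to a temporary file that is then moved into place, because redirecting straight onto the file being read truncates it first: end the command with `--lastcrl crls/crl.pem --outform pem > crls/crl.pem.new && mv crls/crl.pem.new crls/crl.pem`. The file also uses `ipsec pki`, `/etc/ipsec.d/` and `$` prompts where the other scripts use `strongswan pki` and `/etc/strongswan/ipsec.d/`, which presumably explains the `.sh_` name and non-executable mode; a leading comment saying it is a template to adapt would make that explicit.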
@@ -0,0 +1,13 @@
+cd /etc/strongswan/ipsec.d/
+strongswan pki --gen --type rsa --size 2048 \
+ --outform pem \
+ > private/vpnHostKey.pem
+chmod 600 private/vpnHostKey.pem
+strongswan pki --pub --in private/vpnHostKey.pem --type rsa | \
+ strongswan pki --issue --lifetime 730 \
+ --cacert cacerts/strongswanCert.pem \
+ --cakey private/strongswanKey.pem \
+ --dn "C=JP, O=ROB-VPN-JP, CN=207.148.98.140" \
+ --san 207.148.98.140 \
+ --flag serverAuth --flag ikeIntermediate \
+ --outform pem > certs/vpnHostCert.pem
diff --git a/user-certificate.sh b/user-certificate.sh
new file mode 100755
index 0000000..ad489b7
--- /dev/null
+++ b/user-certificate.sh
@@ -0,0 +1,12 @@
+cd /etc/strongswan/ipsec.d/
+strongswan pki --gen --type rsa --size 2048 \
+ --outform pem \
+ > private/RobKey.pem
+chmod 600 private/RobKey.pem
+strongswan pki --pub --in private/RobKey.pem --type rsa | \
+ strongswan pki --issue --lifetime 730 \
+ --cacert cacerts/strongswanCert.pem \
+ --cakey private/strongswanKey.pem \
+ --dn "C=JP, O=ROB-VPN-JP, CN=rakrens@gmail.com" \
+ --san rakrens@gmail.com \
+ --outform pem > certs/RobCert.pem
diff --git a/x509certificates-shellscripts.tar.gz b/x509certificates-shellscripts.tar.gz
new file mode 100644
index 0000000..3e8e8fa
Binary files /dev/null and b/x509certificates-shellscripts.tar.gz differ
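Review bot: The `--cakey private/strongswanKey.pem` argument in server-certificate.sh shows the CA signing key sitting in the same `private/` directory as `vpnHostKey.pem`, apparently without a passphrase and on what looks like the VPN server itself. Anyone who compromises that host could then issue certificates the gateway will accept, rather than only impersonating the gateway. Consider signing on a separate machine and copying just `cacerts/strongswanCert.pem`, `private/vpnHostKey.pem` and `certs/vpnHostCert.pem` to the server, or at minimum add a comment such as `# CA key belongs offline: remove private/strongswanKey.pem from this host after signing`.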
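Review bot: Re-running user-certificate.sh silently truncates `private/RobKey.pem` and `certs/RobCert.pem` through the `>` redirects and issues a second certificate for the same DN, while the earlier certificate stays valid because nothing here revokes it. A guard at the top such as `[ -e private/RobKey.pem ] && { echo "key exists" >&2; exit 1; }`, or `set -o noclobber`, prevents the accidental overwrite. The user name and e-mail address are hard-coded throughout; taking them as `$1` and `$2` would let one script serve every user instead of being copied and edited per person, which is where mismatched key and certificate names tend to creep in.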