From e04860b438ee646fedbaa035dbc82e2642855710 Mon Sep 17 00:00:00 2001
From: Rob
Date: Thu, 22 Mar 2018 00:20:38 +0800
Subject: [PATCH] slightly more automated

---
 certification-authority.sh | 18 +++++++++++++++++-
 outputPKCS12.sh | 6 ------
 server-certificate.sh | 14 ++++++++++++--
 user-certificate.sh | 37 +++++++++++++++++++++++++++++++------
 4 files changed, 60 insertions(+), 15 deletions(-)
 delete mode 100755 outputPKCS12.sh

diff --git a/certification-authority.sh b/certification-authority.sh
index 1b534f5..9bf1ce6 100755
--- a/certification-authority.sh
+++ b/certification-authority.sh
@@ -1,9 +1,25 @@
+#!/bin/bash
+
+# create self-signed CA certificate
+# presumes standard directory of strongswan
+
+#S_I="ipsec"
+
+#echo "question (read variable)"
+#read S_I
+
+VPN_COUNTRY="AUS"
+VPN_IP_ADDRESS="45.32.241.182"
+VPN_NAME="ROB-VPN-AUS"
+
+
+echo "Entering strongswan config directory..."
 cd /etc/strongswan/ipsec.d/
 strongswan pki --gen --type rsa --size 4096 --outform pem \
 > private/strongswanKey.pem
 chmod 600 private/strongswanKey.pem
 strongswan pki --self --ca --lifetime 3650 \
 --in private/strongswanKey.pem --type rsa \
- --dn "C=JP, O=ROB-VPN-JP, CN=207.148.98.140" \
+ --dn "C=$VPN_COUNTRY, O=$VPN_NAME, CN=$VPN_IP_ADDRESS" \
 --outform pem \
 > cacerts/strongswanCert.pem
diff --git a/outputPKCS12.sh b/outputPKCS12.sh
deleted file mode 100755
index 74a249b..0000000
--- a/outputPKCS12.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-cd /etc/strongswan/ipsec.d/
-openssl pkcs12 -export -inkey private/RobKey.pem \
- -in certs/RobCert.pem -name "Rob's Certifcate" \
- -certfile cacerts/strongswanCert.pem \
- -caname "207.148.98.140" \
- -out Rob.p12
diff --git a/server-certificate.sh b/server-certificate.sh
index e3c5995..0d79a0a 100755
--- a/server-certificate.sh
+++ b/server-certificate.sh
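Review bot: Nothing in the hunk stops a second run from regenerating `private/strongswanKey.pem` and `cacerts/strongswanCert.pem`, so re-running the script silently replaces the CA key that `server-certificate.sh` and `user-certificate.sh` chain to, and every certificate issued so far stops validating. The new `#!/bin/bash` header carries no `set -e`, and the unchanged `cd /etc/strongswan/ipsec.d/` is not checked, so if that directory is missing the 4096-bit CA key is written into the caller's working directory with umask-default permissions until the later `chmod 600`; an early `umask 077` closes that window entirely. The commented-out `#S_I="ipsec"` / `#echo` / `#read S_I` lines are dead code and would read better deleted or replaced by a one-line comment saying the country/IP/name triple is edited by hand. Suggested prologue, placed before the `cd`:
```shell
set -euo pipefail
umask 077   # key files are created 0600 from the start; no chmod race
cd /etc/strongswan/ipsec.d/ || exit 1
if [ -e private/strongswanKey.pem ]; then
  echo "refusing to overwrite existing CA key private/strongswanKey.pem" >&2
  exit 1
fi
# … unchanged: strongswan pki --gen and --self --ca invocations …
```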
@@ -1,3 +1,13 @@
+#!/bin/bash
+
+# create host key signed by CA
+# presumes standard directory of strongswan
+
+VPN_COUNTRY="AUS"
+VPN_IP_ADDRESS="45.32.241.182"
+VPN_NAME="ROB-VPN-AUS"
+
+echo "Entering strongswan config directory..."
 cd /etc/strongswan/ipsec.d/
 strongswan pki --gen --type rsa --size 2048 \
 --outform pem \
@@ -7,7 +17,7 @@ strongswan pki --pub --in private/vpnHostKey.pem --type rsa | \
 strongswan pki --issue --lifetime 730 \
 --cacert cacerts/strongswanCert.pem \
 --cakey private/strongswanKey.pem \
- --dn "C=JP, O=ROB-VPN-JP, CN=207.148.98.140" \
- --san 207.148.98.140 \
+ --dn "C=$VPN_COUNTRY, O=$VPN_NAME, CN=$VPN_IP_ADDRESS" \
+ --san $VPN_IP_ADDRESS \
 --flag serverAuth --flag ikeIntermediate \
 --outform pem > certs/vpnHostCert.pem
diff --git a/user-certificate.sh b/user-certificate.sh
index ad489b7..57d3fd8 100755
--- a/user-certificate.sh
+++ b/user-certificate.sh
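Review bot: The `VPN_COUNTRY` / `VPN_IP_ADDRESS` / `VPN_NAME` triple is now hard-coded identically in this file and in the two sibling scripts of this patch; if one copy is edited, the host certificate's DN and SAN silently diverge from the CA that signs it, and nothing checks for that. Keeping the values in one sourced file, `. /etc/strongswan/ipsec.d/vpn-vars.sh`, with each script asserting them via `: "${VPN_IP_ADDRESS:?}"`, removes the drift. As in the CA script, the `cd` following the new `echo` is unchecked under a `#!/bin/bash` with no `set -e`; `cd /etc/strongswan/ipsec.d/ || exit 1` keeps the host key from being written into whatever directory the caller happens to be in.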
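Review bot: `--san $VPN_IP_ADDRESS` is expanded unquoted on the new side while the `--dn` value beside it is quoted; if the variable is ever empty or unset, `--san` takes the following `--flag` token as its value and the `--issue` call either errors out or mis-issues, and with no error checking in the script neither case is noticed. Quote it, `--san "$VPN_IP_ADDRESS" \`, and assert the value once before the pipeline with `: "${VPN_IP_ADDRESS:?}"`. The `strongswan pki --pub ... | \` pipeline this hunk continues starts above the hunk.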
@@ -1,12 +1,37 @@
+#!/bin/bash
+
+# create user key
+# presumes standard directory of strongswan
+
+VPN_COUNTRY="AUS"
+VPN_IP_ADDRESS="45.32.241.182"
+VPN_NAME="ROB-VPN-AUS"
+
+echo "Entering strongswan config directory..."
 cd /etc/strongswan/ipsec.d/
+
+echo -n "Enter a username: "
+read USR_NAME
+
+echo -n "Enter an email (identity): "
+read IDENTITY
+
 strongswan pki --gen --type rsa --size 2048 \
 --outform pem \
- > private/RobKey.pem
-chmod 600 private/RobKey.pem
-strongswan pki --pub --in private/RobKey.pem --type rsa | \
+ > private/${USR_NAME}Key.pem
+chmod 600 private/${USR_NAME}Key.pem
+strongswan pki --pub --in private/${USR_NAME}Key.pem --type rsa | \
 strongswan pki --issue --lifetime 730 \
 --cacert cacerts/strongswanCert.pem \
 --cakey private/strongswanKey.pem \
- --dn "C=JP, O=ROB-VPN-JP, CN=rakrens@gmail.com" \
- --san rakrens@gmail.com \
- --outform pem > certs/RobCert.pem
+ --dn "C=$VPN_COUNTRY, O=$VPN_NAME, CN=$IDENTITY" \
+ --san $IDENTITY \
+ --outform pem > certs/${USR_NAME}Cert.pem
+
+echo "Exporting to a PKCS12 file..."
+
+openssl pkcs12 -export -inkey private/${USR_NAME}Key.pem \
+ -in certs/${USR_NAME}Cert.pem -name "${USR_NAME}'s Certifcate" \
+ -certfile cacerts/strongswanCert.pem \
+ -caname "$VPN_NAME" \
+ -out $USR_NAME.p12
--
2.7.4
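Review bot: `USR_NAME` and `IDENTITY` are read from the terminal and spliced unvalidated into filesystem paths (`private/${USR_NAME}Key.pem`, `certs/${USR_NAME}Cert.pem`, `-out $USR_NAME.p12`) and into the DN string, so a username containing `/` or `..` writes the private key outside the `private/` directory, an empty username yields `private/Key.pem`, and an identity containing a comma or `=` changes the DN that gets issued. Both `read`s also lack `-r`, and `--san $IDENTITY` and `-out $USR_NAME.p12` are unquoted unlike the `--dn` value beside them. The exported `$USR_NAME.p12` bundles the user's private key but, unlike the `.pem` it is built from, gets no `chmod 600`, and it is left in `/etc/strongswan/ipsec.d/` next to the CA key; an `umask 077` before the export covers it. User private keys are thus generated and retained on the server, presumably intended for a personal VPN but worth a comment saying so, and `Certifcate` in the friendly name is misspelled. Suggested input handling:
```shell
echo -n "Enter a username: "
read -r USR_NAME
[[ "$USR_NAME" =~ ^[A-Za-z0-9_-]+$ ]] || { echo "username must match [A-Za-z0-9_-]+" >&2; exit 1; }

echo -n "Enter an email (identity): "
read -r IDENTITY
case "$IDENTITY" in
  ''|*[,=\"\ ]*) echo "identity must be non-empty and contain no , = \" or space" >&2; exit 1 ;;
esac
# … unchanged: key generation and --issue pipeline, with --san "$IDENTITY" quoted …
umask 077   # the .p12 holds the private key; create it 0600 rather than umask-default
# … unchanged: openssl pkcs12 export, with -out "$USR_NAME.p12" quoted …
```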