Created
February 7, 2011 11:01
-
-
Save hcooper/814247 to your computer and use it in GitHub Desktop.
Script to automate creating new OpenVPN client certificates and make them easy to download
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # Script to automate creating new OpenVPN clients | |
| # The client cert and key, along with the CA cert is | |
| # zipped up and placed somewhere to download securely | |
| # | |
| # H Cooper - 05/02/11 | |
| # | |
| # Usage: new-openvpn-client.sh <common-name> | |
| # Set where we're working from | |
| OPENVPN_RSA_DIR=/etc/openvpn/easy-rsa/2.0 | |
| OPENVPN_KEYS=$OPENVPN_RSA_DIR/keys | |
| KEY_DOWNLOAD_PATH=/var/www/secure | |
| # Either read the CN from $1 or prompt for it | |
| if [ -z "$1" ] | |
| then echo -n "Enter new client common name (CN): " | |
| read -e CN | |
| else | |
| CN=$1 | |
| fi | |
| # Ensure CN isn't blank | |
| if [ -z "$CN" ] | |
| then echo "You must provide a CN." | |
| exit | |
| fi | |
| # Check the CN doesn't already exist | |
| if [ -f $OPENVPN_KEYS/$CN.crt ] | |
| then echo "Error: certificate with the CN $CN alread exists!" | |
| echo " $OPENVPN_KEYS/$CN.crt" | |
| exit | |
| fi | |
| # Enter the easy-rsa directory and establish the default variables | |
| cd $OPENVPN_RSA_DIR | |
| source ./vars > /dev/null | |
| # Copied from build-key script (to ensure it works!) | |
| export EASY_RSA="${EASY_RSA:-.}" | |
| "$EASY_RSA/pkitool" --batch $CN | |
| # Take the new cert and place it somewhere it can be downloaded securely | |
| zip -q $KEY_DOWNLOAD_PATH/$CN-`date +%d%m%y`.zip keys/$CN.crt keys/$CN.key keys/ca.crt | |
| # Celebrate! | |
| echo "" | |
| echo "#############################################################" | |
| echo "COMPLETE! Download the new certificate here:" | |
| echo "https://domain.com/secure/$CN-`date +%d%m%y`.zip" | |
| echo "#############################################################" |
I get this error message: "Please edit the vars script to reflect your configuration, then source it with "source ./vars". Next, to start with a fresh PKI configuration and to delete any previous certificates and keys, run "./clean-all". Finally, you can run this tool (pkitool) to build certificates/keys."
Is there anyway I can run this in root?
It sounds like you have to set up Easy-RSA. I would follow this tutorial by digital ocean, and it helped me get started with using Easy-RSA.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I get this error message:
"Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys."
Is there anyway I can run this in root?