-
-
Save tianying484/cf1310d7072e991cc617 to your computer and use it in GitHub Desktop.
这是几个用来签发证书的脚本,请注意这需要你安装了gnutls才可以,主要当时是为了ocserv而写,纯偷懒。基本上,你只要用 ./cert-client.sh you-user-name 这种格式,就可以自动生成 you-user-name-key.pem/ your-user-name-cert.pem /your-user-name.p12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/sh | |
| #! /usr/bin/expect -f | |
| certtool --generate-privkey --outfile $1-key.pem | |
| sed -i "1ccn = "${1}"" client.tmpl | |
| sed -i "3cemail = ${1}@abc.org" client.tmpl | |
| certtool --generate-certificate --load-privkey $1-key.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template client.tmpl --outfile $1-cert.pem | |
| openssl pkcs12 -export -inkey $1-key.pem -in $1-cert.pem -name "$1 VPN Client Cert" -certfile ca-cert.pem -out $1.cert.p12 | |
| exit 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cn = "abc.org VPN CA" | |
| state = "Shanghai" | |
| country = CN | |
| organization = "Tyrael Ltd." | |
| serial = 1 | |
| expiration_days = 3650 | |
| email = "[email protected]" | |
| dns_name = "anyconnect.abc.org" | |
| ca | |
| signing_key | |
| encryption_key | |
| ipsec_ike_key | |
| cert_signing_key | |
| crl_signing_key |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cn = "anyconnect.abc.org" | |
| o = "Tyrael Ltd." | |
| email = [email protected] | |
| dns_name = "anyconnect.abc.org" | |
| country = CN | |
| state = "Shanghai" | |
| serial = 2 | |
| expiration_days = 3650 | |
| signing_key | |
| encryption_key #only if the generated key is an RSA one | |
| tls_www_server | |
| ipsec_ike_key | |
| time_stamping_key |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cn = test | |
| o = "Tyrael Ltd." | |
| email = [email protected] | |
| dns_name = "anyconnect.abc.org" | |
| country = CN | |
| state = "Shanghai" | |
| serial = 3 | |
| expiration_days = 3650 | |
| signing_key | |
| encryption_key #only if the generated key is an RSA one | |
| tls_www_client | |
| ipsec_ike_key | |
| time_stamping_key |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment