CA.sh: automatization of newclient

2013-11-12 22:20:58 +01:00 · 2013-11-12 22:20:58 +01:00 · cd6d3f9328
commit cd6d3f9328
parent 05fa4128b1
1 changed files with 20 additions and 11 deletions
--- a/misc/CA.sh
+++ b/misc/CA.sh
@ -40,7 +40,7 @@ case $1 in

        ESCAPED=$(echo "${TOP_DIR}" | sed 's/[\/\.]/\\&/g')

-        echo -e "${GREEN}Making CA key and csr${COLOR_RST}"
+#        echo -e "${GREEN}Making CA key and csr${COLOR_RST}"
        sed -i 's/=.*#COMMONNAME/= FIC2014 CA #COMMONNAME/' $OPENSSL_CONF
        sed -i "s/=.*#DIR/= ${ESCAPED} #DIR/" $OPENSSL_CONF
        sed -i "s/=.*#CERTTYPE/= server #CERTTYPE/" $OPENSSL_CONF
@ -51,12 +51,15 @@ case $1 in
                    -out ${TOP_DIR}/${CAREQ} -passout pass:$pass            \
                    -config $OPENSSL_CONF

-        echo -e "${GREEN}Self signes the CA certificate${COLOR_RST}"
+        # This line deleted the passphase for the FIC 2014 automatisation
+        openssl rsa -passin pass:$pass -in ${TOP_DIR}/private/${CAKEY}      \
+                    -out ${TOP_DIR}/private/${CAKEY}
+
+#        echo -e "${GREEN}Self signes the CA certificate${COLOR_RST}"
        openssl ca -batch -create_serial -out ${TOP_DIR}/${CACERT}          \
                -days ${DAYS} -keyfile ${TOP_DIR}/private/${CAKEY}          \
-                -selfsign -extensions v3_ca -passin pass:$pass              \
+                -selfsign -extensions v3_ca -config ${OPENSSL_CONF}         \
                -infiles ${TOP_DIR}/${CAREQ}
-        echo $pass
        ;;
    "-newserver" )
        echo -e "${GREEN}Making the Server key and cert${COLOR_RST}"
@ -82,7 +85,7 @@ case $1 in
            echo "Usage: $0 -newclient NAME"
            exit 1
        fi
-        echo -e "${GREEN}Making the client key and csr${COLOR_RST}"
+#        echo -e "${GREEN}Making the client key and csr${COLOR_RST}"

        if ! [ -f ${TOP_DIR}/private/${CAKEY} ]; then
            echo -e "${RED}Can not found the CA's key${COLOR_RST}"
@ -91,23 +94,29 @@ case $1 in
        sed -i "s/=.*#COMMONNAME/= $2#COMMONNAME/" $OPENSSL_CONF
        sed -i "s/=.*#CERTTYPE/= client #CERTTYPE/" $OPENSSL_CONF

-        openssl req -batch -new -keyout ${2}.key -out ${2}.csr -days ${DAYS}
+        pass=`pwgen 10 1`

-        echo -e "${GREEN}Signing the Client crt${COLOR_RST}"
-        openssl ca -policy policy_match -out ${2}.crt -infiles ${2}.csr
+        openssl req -batch -new -keyout ${2}.key -out ${2}.csr              \
+                    -config ${OPENSSL_CONF} -passout pass:$pass -days ${DAYS}
+
+#        echo -e "${GREEN}Signing the Client crt${COLOR_RST}"
+        openssl ca -batch -policy policy_match -out ${2}.crt                \
+                   -config ${OPENSSL_CONF} -infiles ${2}.csr
        if [ $? -ne 0 ]; then
            echo -e "${RED}Signing failed${COLOR_RST}"
            exit 3
        fi
-        echo -e "${GREEN}Export the Client files to pkcs12${COLOR_RST}"
-        openssl pkcs12 -export -inkey ${2}.key  -in ${2}.crt -name ${2} -out ${2}.p12
+#        echo -e "${GREEN}Export the Client files to pkcs12${COLOR_RST}"
+        openssl pkcs12 -export -inkey ${2}.key -in ${2}.crt -name ${2}      \
+                       -passin pass:$pass -out ${2}.p12 -passout pass:$pass
        if [ $? -ne 0 ]; then
            echo -e "${RED}pkcs12 export failed${COLOR_RST}"
            exit 4
        else
            echo -e "Exported pkcs12 file is ${2}.p12"
        fi
-
+#       TODO handle this file
+        echo "$2:$pass" >> teams.pass
        rm -rf ${2}.key ${2}.csr ${2}.crt
        ;;
    * )