Move PKI scripts to pki directory
This commit is contained in:
nemunaire
parent
1d65c5a836
commit
de48af8ef8
|
|
@ -25,16 +25,14 @@ function remove_directory($dir)
|
||||||
function new_client($name, $misc_dir)
|
function new_client($name, $misc_dir)
|
||||||
{
|
{
|
||||||
//TODO handle if already exist
|
//TODO handle if already exist
|
||||||
putenv("OPENSSL_CONF=$misc_dir/openssl.cnf");
|
putenv("PKI_BASEDIR=$misc_dir");
|
||||||
putenv("PKI_DIR=$misc_dir/pki");
|
return shell_exec("$misc_dir/../pki/CA.sh -newclient $name");
|
||||||
return shell_exec("$misc_dir/CA.sh -newclient $name");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function revoke_client($name, $misc_dir)
|
function revoke_client($name, $misc_dir)
|
||||||
{
|
{
|
||||||
putenv("OPENSSL_CONF=$misc_dir/openssl.cnf");
|
putenv("PKI_BASEDIR=$misc_dir");
|
||||||
putenv("PKI_DIR=$misc_dir/pki");
|
return shell_exec("$misc_dir/../pki/CA.sh -revoke $name");
|
||||||
return shell_exec("$misc_dir/CA.sh -revoke $name");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!empty($p[2]))
|
if (!empty($p[2]))
|
||||||
|
|
@ -49,10 +47,9 @@ if (!empty($p[2]))
|
||||||
|
|
||||||
if ($p[2] == "newca")
|
if ($p[2] == "newca")
|
||||||
{
|
{
|
||||||
putenv("OPENSSL_CONF=$misc_dir/openssl.cnf");
|
putenv("PKI_BASEDIR=$misc_dir");
|
||||||
putenv("PKI_DIR=$misc_dir/pki");
|
|
||||||
$template->assign("output",
|
$template->assign("output",
|
||||||
shell_exec("$misc_dir/CA.sh -newca"));
|
shell_exec("$misc_dir/../pki/CA.sh -newca"));
|
||||||
return "admin/shell";
|
return "admin/shell";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -64,19 +61,17 @@ if (!empty($p[2]))
|
||||||
|
|
||||||
elseif ($p[2] == "newsrv")
|
elseif ($p[2] == "newsrv")
|
||||||
{
|
{
|
||||||
putenv("OPENSSL_CONF=$misc_dir/openssl.cnf");
|
putenv("PKI_BASEDIR=$misc_dir");
|
||||||
putenv("PKI_DIR=$misc_dir/pki");
|
|
||||||
$template->assign("output",
|
$template->assign("output",
|
||||||
shell_exec("$misc_dir/CA.sh -newserver"));
|
shell_exec("$misc_dir/../pki/CA.sh -newserver"));
|
||||||
return "admin/shell";
|
return "admin/shell";
|
||||||
}
|
}
|
||||||
|
|
||||||
elseif ($p[2] == "revokesrv")
|
elseif ($p[2] == "revokesrv")
|
||||||
{
|
{
|
||||||
putenv("OPENSSL_CONF=$misc_dir/openssl.cnf");
|
putenv("PKI_BASEDIR=$misc_dir");
|
||||||
putenv("PKI_DIR=$misc_dir/pki");
|
|
||||||
$template->assign("output",
|
$template->assign("output",
|
||||||
shell_exec("$misc_dir/CA.sh -revokeserver"));
|
shell_exec("$misc_dir/../pki/CA.sh -revokeserver"));
|
||||||
return "admin/shell";
|
return "admin/shell";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
30
misc/CA.sh → pki/CA.sh
Executable file → Normal file
30
misc/CA.sh → pki/CA.sh
Executable file → Normal file
|
|
@ -2,21 +2,21 @@
|
||||||
|
|
||||||
cd $(dirname "$0")
|
cd $(dirname "$0")
|
||||||
|
|
||||||
if [ -z "${PKI_DIR}" ]; then
|
if [ -z "${PKI_BASEDIR}" ]; then
|
||||||
PKI_DIR=pki
|
PKI_BASEDIR=pki
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "${OPENSSL_CONF}" ]; then
|
PKI_DIR=${PKI_BASEDIR}/pki
|
||||||
OPENSSL_CONF=openssl.cnf
|
SHARED_DIR=${PKI_BASEDIR}/shared
|
||||||
fi
|
OPENSSL_CONF=`pwd`/openssl.cnf
|
||||||
|
|
||||||
CAKEY=${PKI_DIR}/private/cakey.key
|
CAKEY=${PKI_DIR}/private/cakey.key
|
||||||
CAREQ=${PKI_DIR}/careq.csr
|
CAREQ=${PKI_DIR}/careq.csr
|
||||||
CACRT=./shared/cacert.crt
|
CACRT=${SHARED_DIR}/cacert.crt
|
||||||
|
|
||||||
SRVKEY=./shared/server.key
|
SRVKEY=${SHARED_DIR}/server.key
|
||||||
SRVREQ=./shared/server.csr
|
SRVREQ=${SHARED_DIR}/server.csr
|
||||||
SRVCRT=./shared/server.crt
|
SRVCRT=${SHARED_DIR}/server.crt
|
||||||
|
|
||||||
# Generate certificates valid for:
|
# Generate certificates valid for:
|
||||||
DAYS=2
|
DAYS=2
|
||||||
|
|
@ -47,13 +47,9 @@ usage()
|
||||||
clean()
|
clean()
|
||||||
{
|
{
|
||||||
if [ "$1" = "ca" ]; then
|
if [ "$1" = "ca" ]; then
|
||||||
rm -rf ${PKI_DIR}/* ./shared/*
|
rm -rf ${PKI_DIR}/* ${SHARED_DIR}/*
|
||||||
mkdir -p ${PKI_DIR}/certs
|
mkdir -p ${PKI_DIR}/certs ${PKI_DIR}/crl ${PKI_DIR}/newcerts \
|
||||||
mkdir -p ${PKI_DIR}/crl
|
${PKI_DIR}/private ${PKI_DIR}/pkcs ${SHARED_DIR}
|
||||||
mkdir -p ${PKI_DIR}/newcerts
|
|
||||||
mkdir -p ${PKI_DIR}/private
|
|
||||||
mkdir -p ${PKI_DIR}/pkcs
|
|
||||||
mkdir -p ./shared
|
|
||||||
echo "01" > ${PKI_DIR}/crlnumber
|
echo "01" > ${PKI_DIR}/crlnumber
|
||||||
elif [ "$1" = "client" ]; then
|
elif [ "$1" = "client" ]; then
|
||||||
rm -rf ${PKI_DIR}/${2}.key ${PKI_DIR}/${2}.csr
|
rm -rf ${PKI_DIR}/${2}.key ${PKI_DIR}/${2}.csr
|
||||||
|
|
@ -64,7 +60,7 @@ clean()
|
||||||
gen_crl()
|
gen_crl()
|
||||||
{
|
{
|
||||||
echo $ECHO_OPTS "${GREEN}Generate shared/crl.pem${COLOR_RST}"
|
echo $ECHO_OPTS "${GREEN}Generate shared/crl.pem${COLOR_RST}"
|
||||||
if ! openssl ca -config ${OPENSSL_CONF} -gencrl -out shared/crl.pem > $OUTPUT 2>&1
|
if ! openssl ca -config ${OPENSSL_CONF} -gencrl -out ${SHARED_DIR}/crl.pem > $OUTPUT 2>&1
|
||||||
then
|
then
|
||||||
echo $ECHO_OPTS "${RED}Generate shared/crl.pem failed"
|
echo $ECHO_OPTS "${RED}Generate shared/crl.pem failed"
|
||||||
cat $OUTPUT
|
cat $OUTPUT
|
||||||
Loading…
Reference in New Issue
Block a user