#!/bin/sh # Take the correct binary to create the certificates CERTTOOL=$(command -v gnutls-certtool 2>/dev/null || command -v certtool 2>/dev/null) if [ -z "$CERTTOOL" ] then echo "ERROR: No certtool found" >&2 exit 1 fi . ./vars NAME=client if [ $# -gt 0 ] then NAME=$1 fi if ! [ -f "$NAME".key.pem ] then # Create a client key. $CERTTOOL \ --generate-privkey \ --sec-param $SEC_PARAM \ --outfile "$NAME".key.pem fi chmod 600 "$NAME".key.pem if ! [ -f "$NAME".template ] then # Sign a client cert with the key. cat <<EOF >"$NAME".template organization = $ORGANIZATION cn = $CN expiration_days = $EXPIRATION_DAYS tls_www_client encryption_key signing_key EOF fi if ! [ -f "$NAME".cert.pem ] then $CERTTOOL \ --generate-certificate \ --load-privkey "$NAME".key.pem \ --load-ca-certificate ca.cert.pem \ --load-ca-privkey ca.key.pem \ --template "$NAME".template \ --outfile "$NAME".cert.pem fi chmod 600 "$NAME".cert.pem