blob: 4f0e503ccb63bd27bc3e67025b26441818b58c8a (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
#!/bin/sh
# Take the correct binary to create the certificates
CERTTOOL=$(command -v gnutls-certtool 2>/dev/null || command -v certtool 2>/dev/null)
if [ -z "$CERTTOOL" ]
then
echo "ERROR: No certtool found" >&2
exit 1
fi
. ./vars
NAME=client
if [ $# -gt 0 ]
then
NAME=$1
fi
if ! [ -f "$NAME".key.pem ]
then
# Create a client key.
$CERTTOOL \
--generate-privkey \
--sec-param $SEC_PARAM \
--outfile "$NAME".key.pem
fi
chmod 600 "$NAME".key.pem
if ! [ -f "$NAME".template ]
then
# Sign a client cert with the key.
cat <<EOF >"$NAME".template
organization = $ORGANIZATION
cn = $CN
expiration_days = $EXPIRATION_DAYS
tls_www_client
encryption_key
signing_key
EOF
fi
if ! [ -f "$NAME".cert.pem ]
then
$CERTTOOL \
--generate-certificate \
--load-privkey "$NAME".key.pem \
--load-ca-certificate ca.cert.pem \
--load-ca-privkey ca.key.pem \
--template "$NAME".template \
--outfile "$NAME".cert.pem
fi
chmod 600 "$NAME".cert.pem
|
