Last active
May 27, 2018 18:52
-
-
Save x99percent/a73d58b1b13895dbaef233eef99e9b12 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| function usage () { | |
| echo "$0 [username]" | |
| exit 1 | |
| } | |
| if [ $# -ne 1 ] | |
| then | |
| usage | |
| fi | |
| USERNAME="$1" | |
| SSL_DIR="/opt/organizr/ssl" | |
| SSL_CONFIG="$SSL_DIR/openssl.cnf" | |
| SSL_PRIVATE_DIR="$SSL_DIR/private" | |
| SSL_CERTS_DIR="$SSL_DIR/certs" | |
| USERS_DIR="${SSL_CERTS_DIR}/users" | |
| mkdir -p ${USERS_DIR} | |
| if [ -f "${USERS_DIR}/${USERNAME}.key" ]; then | |
| echo "Key for $USERNAME already exists! Delete it to continue." | |
| exit 1 | |
| fi | |
| # Create the Client Key and CSR | |
| openssl genrsa -des3 -out ${USERS_DIR}/${USERNAME}.key 1024 -config ${SSL_CONFIG} | |
| openssl req -new -key ${USERS_DIR}/${USERNAME}.key -out ${USERS_DIR}/${USERNAME}.csr -config ${SSL_CONFIG} | |
| # Sign the client certificate with our CA cert. Unlike signing our own server cert, this is what we want to do. | |
| openssl x509 -req -days 3650 -in ${USERS_DIR}/${USERNAME}.csr -CA $SSL_CERTS_DIR/ca.crt -CAkey $SSL_PRIVATE_DIR/ca.key -CAserial $SSL_DIR/serial -CAcreateserial -out ${USERS_DIR}/${USERNAME}.crt | |
| echo "making p12 file" | |
| #browsers need P12s (contain key and cert) | |
| openssl pkcs12 -export -clcerts -in ${USERS_DIR}/${USERNAME}.crt -inkey ${USERS_DIR}/${USERNAME}.key -out ${USERS_DIR}/${USERNAME}.p12 | |
| echo "made ${USERS_DIR}/${USERNAME}.p12" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment