CA mk cert user


./scripts/mk_cert_user

#!/bin/sh
#
# $Id: mk_cert_user,v 1.1 2008/06/26 20:35:28 root Exp root $
#
# $Log: mk_cert_user,v $
# Revision 1.1  2008/06/26 20:35:28  root
# Initial revision
#
#

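# Print the absolute path of the directory given as $1 on stdout.
#
# Arguments: $1 - directory path (relative or absolute)
# Outputs:   the resolved directory, as reported by pwd
# Returns:   non-zero (and prints nothing) if $1 cannot be entered
absolute_dir ()
{
    # pushd/popd are not available in every /bin/sh, so change directory
    # inside a subshell instead; the caller's working directory is untouched.
    # "$1" is quoted so paths with spaces or glob characters survive, and
    # CDPATH is cleared so cd neither searches elsewhere nor echoes a path.
    ( CDPATH= cd -- "$1" >/dev/null && pwd )
}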

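# Interactive workflow: ask for a user certificate name, generate an RSA key
# and certificate request, optionally write a passphrase-free copy of the key,
# sign the request with the User_CA section of openssl.cnf, and file the
# results under private/, certs/ and UserCA/.

# Print an error on stderr and stop.
die ()
{
    echo "Error: $*" >&2
    exit 1
}

# The CA base directory is the parent of the directory holding this script.
# Stop if it cannot be resolved rather than creating keys in the wrong place.
dir=$(dirname -- "$0")
dir=$(absolute_dir "$dir/..") || die "cannot resolve CA base directory"
[ -n "$dir" ] || die "cannot resolve CA base directory"
cd -- "$dir" || die "cannot change to $dir"

echo ""
printf '%s' "UserCert Name: "
read -r cert

[ -z "$cert" ] && exit 1

# The name becomes part of several file names below. Restrict it to a plain
# token so it cannot leave the CA directories (no "/"), be taken for a
# command-line option (no leading "-"), or expand as a glob pattern.
case "$cert" in
    -*|.*|*[!A-Za-z0-9._-]*)
        die "invalid name '$cert' (allowed: letters, digits, '.', '_', '-')"
        ;;
esac

if [ -e "private/${cert}Key.pem" ]; then
    echo "Error: private/${cert}Key.pem exists!"
    ls -l -- */"${cert}"*
    exit 1
fi

echo "--------"
echo "${cert}Key.pem & ${cert}Req.pem ..."
echo ""

# Key files are first written to the CA base directory. Tighten the umask so
# they are never group/world readable, not even briefly before the chmod.
old_umask=$(umask)
umask 077

# 1024-bit RSA is below current minimum recommendations; use 2048 bits.
openssl req -config openssl.cnf \
            -newkey rsa:2048 \
            -keyout "${cert}Key.pem" -keyform PEM \
            -out    "${cert}Req.pem" -outform PEM \
    || die "openssl req failed, no key/request created"

echo ""
printf '%s' "Passwort aus User-Zertifikat entfernen [n] ? "
read -r a

case "$a" in
    y|Y|j|J)
        # NOTE: the "-Key.pem" copy is stored unencrypted; its only protection
        # is the file mode and the permissions of the private directories.
        if ! openssl rsa < "${cert}Key.pem" > "${cert}-Key.pem"; then
            rm -f -- "${cert}-Key.pem"
            die "openssl rsa failed, passphrase not removed"
        fi

        chmod go-rwx "${cert}-Key.pem"
        cp -- "${cert}-Key.pem" private          || die "cannot copy ${cert}-Key.pem"
        mv -- "${cert}-Key.pem" UserCA/private   || die "cannot move ${cert}-Key.pem"
        ;;
esac

# Restrict the (passphrase-protected) key as well, whether or not an
# unencrypted copy was requested.
chmod go-rwx "${cert}Key.pem"
cp -- "${cert}Key.pem" private          || die "cannot copy ${cert}Key.pem"
mv -- "${cert}Key.pem" UserCA/private   || die "cannot move ${cert}Key.pem"

# Restore the caller's umask so files maintained by "openssl ca" keep the
# modes they had before.
umask "$old_umask"

echo "===================="
echo "${cert}Cert.pem  ..."
echo "===================="

# The signature digest and validity period come from openssl.cnf, which is
# not part of this script -- review them there.
openssl ca -config openssl.cnf \
           -name User_CA \
           -in   "${cert}Req.pem" \
           -out  "${cert}Cert.pem" \
    || die "openssl ca failed, request ${cert}Req.pem left in $dir"

# Do not distribute an empty certificate file (for example when signing was
# declined at the prompt).
[ -s "${cert}Cert.pem" ] || die "${cert}Cert.pem is missing or empty"

chmod go-rwx "${cert}Cert.pem"
cp -- "${cert}Cert.pem" certs           || die "cannot copy ${cert}Cert.pem"
mv -- "${cert}Cert.pem" UserCA/certs    || die "cannot move ${cert}Cert.pem"
mv -- "${cert}Req.pem"  UserCA/private  || die "cannot move ${cert}Req.pem"

echo "----------------------------------------------"
echo ""
ls -l certs private
echo ""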