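#!/bin/bash
#
# A script that generates a main certificate (if it doesn't exist yet)
# and client certificates, signed by the main one.
# Copyright (C) 2009 Bogdan 'bogdro' Drozdowski
#
#
# Usage: bash certgen-bash.sh [name]
#	name - an optional filename for the generated certificate
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software Foundation:
#		Free Software Foundation
#		51 Franklin Street, Fifth Floor
#		Boston, MA 02110-1301
#		USA

# each password >= 4 chars
# each common name NOT empty
# each common name different or you get "TXT_DB error number 2"

# Stop at the first failing step: every later command consumes the output of
# an earlier one, so continuing after an error only produces broken bundles.
set -euo pipefail

# Private keys (maincert_key.pem, <name>.key, <name>.p12) are created below;
# make every file this script writes readable by the owner only.
umask 077

# Bootstrap the signing certificate and the CA bookkeeping files once.
if [ ! -e maincert_cert.der ]; then
  openssl req -x509 -days 10950 -newkey rsa:2048 \
    -keyout maincert_key.pem -out maincert_cert.pem
  openssl x509 -in maincert_cert.pem -outform DER -out maincert_cert.der
  touch index.txt
  # -p: do not abort if a directory survived an earlier, partial run.
  mkdir -p certs newcerts crl
  echo "01" > serial
fi

# Use the caller's name if given, otherwise the first unused cert<N>.
name=${1:-}
if [ -z "$name" ]; then
  for ((i = 0; i < 4000000000; i++)); do
    if [ ! -e "cert$i.pem" ]; then break; fi
  done
  name=cert$i
fi

# Friendly name stored in the PKCS#12 bundle (kept exactly as supplied).
label=$name

# A name starting with '-' would be parsed as an option by zip/openssl;
# anchor it to the current directory so it is always treated as a path.
case $name in
  -*) name=./$name ;;
esac

# Key pair + signing request. -days has no effect on a request (it only
# applies together with -x509); the validity is set by "openssl ca" below.
openssl req -days 10950 -newkey rsa:2048 -keyout "$name.key" -out "$name.req"

# Sign the request with the main certificate.
# NOTE(review): this presumably relies on the active openssl.cnf pointing its
# CA database (index.txt, serial, newcerts) at the current directory - confirm.
openssl ca -days 10000 -cert maincert_cert.pem -keyfile maincert_key.pem \
  -in "$name.req" -out "$name.pem"

# Export the certificate in the formats clients commonly ask for.
openssl pkcs12 -export -in "$name.pem" -inkey "$name.key" -out "$name.p12" \
  -name "Certificate for $label"
openssl pkcs12 -in "$name.p12" -out "$name-pub.pem" -nokeys -clcerts
openssl x509 -in "$name-pub.pem" -outform DER -out "$name-pub.cer"
openssl crl2pkcs7 -nocrl -certfile "$name-pub.pem" -outform DER \
  -out "$name-pub.p7b"

# The archive contains the client's private key ($name.key, $name.p12):
# hand it over through a protected channel and treat it like the key itself.
zip "$name-certs" "$name.key" "$name.p12" "$name-pub.pem" "$name-pub.cer" \
  "$name-pub.p7b"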