authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-11-02 18:09:01 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-11-02 18:09:01 +0000
commit8810c26cc5782addcf1f0a40212a7d1ebe827e6f (patch)
treecdf818d2e7f8058386fba0c2a989826c4102da8c /easy-rsa/2.0/inherit-inter
parentVERSION 2.1_beta6 (diff)
downloadopenvpn-8810c26cc5782addcf1f0a40212a7d1ebe827e6f.tar.xz
Moved easy-rsa 2.0 scripts to easy-rsa/2.0 to
be compatible with 2.0.x distribution. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@757 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'easy-rsa/2.0/inherit-inter')
-rwxr-xr-xeasy-rsa/2.0/inherit-inter39
1 files changed, 39 insertions, 0 deletions
diff --git a/easy-rsa/2.0/inherit-inter b/easy-rsa/2.0/inherit-inter
new file mode 100755
index 0000000..2101951
--- /dev/null
+++ b/easy-rsa/2.0/inherit-inter
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Build a new PKI which is rooted on an intermediate certificate generated
+# by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
+# have independent vars settings, and must use a different KEY_DIR directory
+# from the parent. This tool can be used to generate arbitrary depth
+# certificate chains.
+#
+# To build an intermediate CA, follow the same steps for a regular PKI but
+# replace ./build-key or ./pkitool --initca with this script.
+
+# The EXPORT_CA file will contain the CA certificate chain and should be
+# referenced by the OpenVPN "ca" directive in config files. The ca.crt file
+# will only contain the local intermediate CA -- it's needed by the easy-rsa
+# scripts but not by OpenVPN directly.
+EXPORT_CA="export-ca.crt"
+
+if [ $# -ne 2 ]; then
+ echo "usage: $0 <parent-key-dir> <common-name>"
+ echo "parent-key-dir: the KEY_DIR directory of the parent PKI"
+ echo "common-name: the common name of the intermediate certificate in the parent PKI"
+ exit 1;
+fi
+
+if [ "$KEY_DIR" ]; then
+ cp "$1/$2.crt" "$KEY_DIR/ca.crt"
+ cp "$1/$2.key" "$KEY_DIR/ca.key"
+
+ if [ -e "$1/$EXPORT_CA" ]; then
+ PARENT_CA="$1/$EXPORT_CA"
+ else
+ PARENT_CA="$1/ca.crt"
+ fi
+ cp "$PARENT_CA" "$KEY_DIR/$EXPORT_CA"
+ cat "$KEY_DIR/ca.crt" >> "$KEY_DIR/$EXPORT_CA"
+else
+ echo 'Please source the vars script first (i.e. "source ./vars")'
+ echo 'Make sure you have edited it to reflect your configuration.'
+fi
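Review bot: Nothing enforces the header comment's rule that the new PKI must use a different KEY_DIR from the parent, so if `$1` and `$KEY_DIR` resolve to the same directory the two `cp` lines overwrite the parent's `ca.crt` and `ca.key` with the intermediate's; a guard before the copies such as `if [ "$1" -ef "$KEY_DIR" ]; then echo "parent-key-dir must differ from KEY_DIR" >&2; exit 1; fi` would stop that. The CA private key lands in `$KEY_DIR/ca.key` with whatever mode `cp` and the current umask produce, so it should be followed by `chmod 600 "$KEY_DIR/ca.key"`. None of the `cp` calls is checked, so a failed copy still reaches the `cat >>` append, which can leave an incomplete or stale chain in `export-ca.crt` while the script exits 0. The branch that asks the user to source `vars` also ends without `exit 1`, so callers cannot detect that nothing was done.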