diff options
Diffstat (limited to '')
| -rwxr-xr-x | easy-rsa/build-key | 20 | ||||
| -rwxr-xr-x | easy-rsa/build-key-pass | 20 | ||||
| -rwxr-xr-x | easy-rsa/build-key-pkcs12 | 21 | ||||
| -rwxr-xr-x | easy-rsa/build-key-server | 22 |
4 files changed, 83 insertions, 0 deletions
diff --git a/easy-rsa/build-key b/easy-rsa/build-key new file mode 100755 index 0000000..3159d2b --- /dev/null +++ b/easy-rsa/build-key @@ -0,0 +1,20 @@ +#!/bin/sh + +# +# Make a certificate/private key pair using a locally generated +# root certificate. +# + +if test $# -ne 1; then + echo "usage: build-key <name>"; + exit 1 +fi + +if test $KEY_DIR; then + cd $KEY_DIR && \ + openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \ + openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \ + chmod 0600 $1.key +else + echo you must define KEY_DIR +fi diff --git a/easy-rsa/build-key-pass b/easy-rsa/build-key-pass new file mode 100755 index 0000000..03ab304 --- /dev/null +++ b/easy-rsa/build-key-pass @@ -0,0 +1,20 @@ +#!/bin/sh + +# +# Similar to build-key, but protect the private key +# with a password. +# + +if test $# -ne 1; then + echo "usage: build-key-pass <name>"; + exit 1 +fi + +if test $KEY_DIR; then + cd $KEY_DIR && \ + openssl req -days 3650 -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \ + openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \ + chmod 0600 $1.key +else + echo you must define KEY_DIR +fi diff --git a/easy-rsa/build-key-pkcs12 b/easy-rsa/build-key-pkcs12 new file mode 100755 index 0000000..f8a057b --- /dev/null +++ b/easy-rsa/build-key-pkcs12 @@ -0,0 +1,21 @@ +#!/bin/sh + +# +# Make a certificate/private key pair using a locally generated +# root certificate and convert it to a PKCS #12 file including the +# the CA certificate as well. + +if test $# -ne 1; then + echo "usage: build-key-pkcs12 <name>"; + exit 1 +fi + +if test $KEY_DIR; then + cd $KEY_DIR && \ + openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -config $KEY_CONFIG && \ + openssl ca -days 3650 -out $1.crt -in $1.csr -config $KEY_CONFIG && \ + openssl pkcs12 -export -inkey $1.key -in $1.crt -certfile ca.crt -out $1.p12 && \ + chmod 0600 $1.key $1.p12 +else + echo you must define KEY_DIR +fi diff --git a/easy-rsa/build-key-server b/easy-rsa/build-key-server new file mode 100755 index 0000000..30dc41e --- /dev/null +++ b/easy-rsa/build-key-server @@ -0,0 +1,22 @@ +#!/bin/sh + +# +# Make a certificate/private key pair using a locally generated +# root certificate. +# +# Explicitly set nsCertType to server using the "server" +# extension in the openssl.cnf file. + +if test $# -ne 1; then + echo "usage: build-key-server <name>"; + exit 1 +fi + +if test $KEY_DIR; then + cd $KEY_DIR && \ + openssl req -days 3650 -nodes -new -keyout $1.key -out $1.csr -extensions server -config $KEY_CONFIG && \ + openssl ca -days 3650 -out $1.crt -in $1.csr -extensions server -config $KEY_CONFIG && \ + chmod 0600 $1.key +else + echo you must define KEY_DIR +fi |