From 8810c26cc5782addcf1f0a40212a7d1ebe827e6f Mon Sep 17 00:00:00 2001 From: james Date: Wed, 2 Nov 2005 18:09:01 +0000 Subject: Moved easy-rsa 2.0 scripts to easy-rsa/2.0 to be compatible with 2.0.x distribution. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@757 e7ae566f-a301-0410-adde-c780ea21d3b5 --- easy-rsa/2.0/inherit-inter | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100755 easy-rsa/2.0/inherit-inter (limited to 'easy-rsa/2.0/inherit-inter') diff --git a/easy-rsa/2.0/inherit-inter b/easy-rsa/2.0/inherit-inter new file mode 100755 index 0000000..2101951 --- /dev/null +++ b/easy-rsa/2.0/inherit-inter @@ -0,0 +1,39 @@ +#!/bin/bash + +# Build a new PKI which is rooted on an intermediate certificate generated +# by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should +# have independent vars settings, and must use a different KEY_DIR directory +# from the parent. This tool can be used to generate arbitrary depth +# certificate chains. +# +# To build an intermediate CA, follow the same steps for a regular PKI but +# replace ./build-key or ./pkitool --initca with this script. + +# The EXPORT_CA file will contain the CA certificate chain and should be +# referenced by the OpenVPN "ca" directive in config files. The ca.crt file +# will only contain the local intermediate CA -- it's needed by the easy-rsa +# scripts but not by OpenVPN directly. +EXPORT_CA="export-ca.crt" + +if [ $# -ne 2 ]; then + echo "usage: $0 " + echo "parent-key-dir: the KEY_DIR directory of the parent PKI" + echo "common-name: the common name of the intermediate certificate in the parent PKI" + exit 1; +fi + +if [ "$KEY_DIR" ]; then + cp "$1/$2.crt" "$KEY_DIR/ca.crt" + cp "$1/$2.key" "$KEY_DIR/ca.key" + + if [ -e "$1/$EXPORT_CA" ]; then + PARENT_CA="$1/$EXPORT_CA" + else + PARENT_CA="$1/ca.crt" + fi + cp "$PARENT_CA" "$KEY_DIR/$EXPORT_CA" + cat "$KEY_DIR/ca.crt" >> "$KEY_DIR/$EXPORT_CA" +else + echo 'Please source the vars script first (i.e. "source ./vars")' + echo 'Make sure you have edited it to reflect your configuration.' +fi -- cgit v1.2.3