author | Parménides GV <parmegv@sdf.org> | 2015-06-04 19:20:15 +0200 |
---|---|---|
committer | Parménides GV <parmegv@sdf.org> | 2015-06-04 19:20:15 +0200 |
commit | 27594eeae6f40a402bc3110f06d57975168e74e3 (patch) | |
tree | cdabf6571e6f4ff07205fd6921d8095539a1fcdc /app/openvpn/sample/sample-keys/gen-sample-keys.sh | |
parent | 8dc4f58d96892fbfd83094fb85b1d17656035290 (diff) |
ics-openvpn as a submodule! beautiful
ics-openvpn is now officially on GitHub, and they track openssl and
openvpn as submodules, so it's easier to update everything. Just a git
submodule update --recursive.
I've also set up soft links to native modules from ics-openvpn in app,
so that we don't copy files in Gradle (which was causing problems because
the submodules' .git* files were not being copied). That makes the repo
cleaner.
Diffstat (limited to 'app/openvpn/sample/sample-keys/gen-sample-keys.sh')
-rwxr-xr-x | app/openvpn/sample/sample-keys/gen-sample-keys.sh | 75 |
1 files changed, 0 insertions, 75 deletions
diff --git a/app/openvpn/sample/sample-keys/gen-sample-keys.sh b/app/openvpn/sample/sample-keys/gen-sample-keys.sh
deleted file mode 100755
index 414687eb..00000000
--- a/app/openvpn/sample/sample-keys/gen-sample-keys.sh
+++ /dev/null
@@ -1,75 +0,0 @@
-#!/bin/sh
-#
-# Run this script to set up a test CA, and test key-certificate pair for a
-# server, and various clients.
-#
-# Copyright (C) 2014 Steffan Karger <steffan@karger.me>
-set -eu
-
-command -v openssl >/dev/null 2>&1 || { echo >&2 "Unable to find openssl. Please make sure openssl is installed and in your path."; exit 1; }
-
-if [ ! -f openssl.cnf ]
-then
- echo "Please run this script from the sample directory"
- exit 1
-fi
-
-# Create required directories and files
-mkdir -p sample-ca
-rm -f sample-ca/index.txt
-touch sample-ca/index.txt
-echo "01" > sample-ca/serial
-
-# Generate CA key and cert
-openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 \
- -extensions easyrsa_ca -keyout sample-ca/ca.key -out sample-ca/ca.crt \
- -subj "/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain" \
- -config openssl.cnf
-
-# Create server key and cert
-openssl req -new -nodes -config openssl.cnf -extensions server \
- -keyout sample-ca/server.key -out sample-ca/server.csr \
- -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Server/emailAddress=me@myhost.mydomain"
-openssl ca -batch -config openssl.cnf -extensions server \
- -out sample-ca/server.crt -in sample-ca/server.csr
-
-# Create client key and cert
-openssl req -new -nodes -config openssl.cnf \
- -keyout sample-ca/client.key -out sample-ca/client.csr \
- -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client/emailAddress=me@myhost.mydomain"
-openssl ca -batch -config openssl.cnf \
- -out sample-ca/client.crt -in sample-ca/client.csr
-
-# Create password protected key file
-openssl rsa -aes256 -passout pass:password \
- -in sample-ca/client.key -out sample-ca/client-pass.key
-
-# Create pkcs#12 client bundle
-openssl pkcs12 -export -nodes -password pass:password \
- -out sample-ca/client.p12 -inkey sample-ca/client.key \
- -in sample-ca/client.crt -certfile sample-ca/ca.crt
-
-
-# Create EC server and client cert (signed by 'regular' RSA CA)
-openssl ecparam -out sample-ca/secp256k1.pem -name secp256k1
-
-openssl req -new -newkey ec:sample-ca/secp256k1.pem -nodes -config openssl.cnf \
- -extensions server \
- -keyout sample-ca/server-ec.key -out sample-ca/server-ec.csr \
- -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Server-EC/emailAddress=me@myhost.mydomain"
-openssl ca -batch -config openssl.cnf -extensions server \
- -out sample-ca/server-ec.crt -in sample-ca/server-ec.csr
-
-openssl req -new -newkey ec:sample-ca/secp256k1.pem -nodes -config openssl.cnf \
- -keyout sample-ca/client-ec.key -out sample-ca/client-ec.csr \
- -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client-EC/emailAddress=me@myhost.mydomain"
-openssl ca -batch -config openssl.cnf \
- -out sample-ca/client-ec.crt -in sample-ca/client-ec.csr
-
-# Generate DH parameters
-openssl dhparam -out dh2048.pem 2048
-
-# Copy keys and certs to working directory
-cp sample-ca/*.key .
-cp sample-ca/*.crt .
-cp sample-ca/*.p12 . |