summaryrefslogtreecommitdiff
path: root/main/openvpn/sample/sample-keys/gen-sample-keys.sh
diff options
context:
space:
mode:
Diffstat (limited to 'main/openvpn/sample/sample-keys/gen-sample-keys.sh')
m---------main/openvpn0
-rwxr-xr-xmain/openvpn/sample/sample-keys/gen-sample-keys.sh78
2 files changed, 0 insertions, 78 deletions
diff --git a/main/openvpn b/main/openvpn
new file mode 160000
+Subproject 7aaf01766f9718375986600216607aeb6397200
diff --git a/main/openvpn/sample/sample-keys/gen-sample-keys.sh b/main/openvpn/sample/sample-keys/gen-sample-keys.sh
deleted file mode 100755
index 725cfc97..00000000
--- a/main/openvpn/sample/sample-keys/gen-sample-keys.sh
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-#
-# Run this script to set up a test CA, and test key-certificate pair for a
-# server, and various clients.
-#
-# Copyright (C) 2014 Steffan Karger <steffan@karger.me>
-set -eu
-
-command -v openssl >/dev/null 2>&1 || { echo >&2 "Unable to find openssl. Please make sure openssl is installed and in your path."; exit 1; }
-
-if [ ! -f openssl.cnf ]
-then
- echo "Please run this script from the sample directory"
- exit 1
-fi
-
-# Generate static key for tls-auth (or static key mode)
-$(dirname ${0})/../../src/openvpn/openvpn --genkey --secret ta.key
-
-# Create required directories and files
-mkdir -p sample-ca
-rm -f sample-ca/index.txt
-touch sample-ca/index.txt
-echo "01" > sample-ca/serial
-
-# Generate CA key and cert
-openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 \
- -extensions easyrsa_ca -keyout sample-ca/ca.key -out sample-ca/ca.crt \
- -subj "/C=KG/ST=NA/L=BISHKEK/O=OpenVPN-TEST/emailAddress=me@myhost.mydomain" \
- -config openssl.cnf
-
-# Create server key and cert
-openssl req -new -nodes -config openssl.cnf -extensions server \
- -keyout sample-ca/server.key -out sample-ca/server.csr \
- -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Server/emailAddress=me@myhost.mydomain"
-openssl ca -batch -config openssl.cnf -extensions server \
- -out sample-ca/server.crt -in sample-ca/server.csr
-
-# Create client key and cert
-openssl req -new -nodes -config openssl.cnf \
- -keyout sample-ca/client.key -out sample-ca/client.csr \
- -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client/emailAddress=me@myhost.mydomain"
-openssl ca -batch -config openssl.cnf \
- -out sample-ca/client.crt -in sample-ca/client.csr
-
-# Create password protected key file
-openssl rsa -aes256 -passout pass:password \
- -in sample-ca/client.key -out sample-ca/client-pass.key
-
-# Create pkcs#12 client bundle
-openssl pkcs12 -export -nodes -password pass:password \
- -out sample-ca/client.p12 -inkey sample-ca/client.key \
- -in sample-ca/client.crt -certfile sample-ca/ca.crt
-
-
-# Create EC server and client cert (signed by 'regular' RSA CA)
-openssl ecparam -out sample-ca/secp256k1.pem -name secp256k1
-
-openssl req -new -newkey ec:sample-ca/secp256k1.pem -nodes -config openssl.cnf \
- -extensions server \
- -keyout sample-ca/server-ec.key -out sample-ca/server-ec.csr \
- -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Server-EC/emailAddress=me@myhost.mydomain"
-openssl ca -batch -config openssl.cnf -extensions server \
- -out sample-ca/server-ec.crt -in sample-ca/server-ec.csr
-
-openssl req -new -newkey ec:sample-ca/secp256k1.pem -nodes -config openssl.cnf \
- -keyout sample-ca/client-ec.key -out sample-ca/client-ec.csr \
- -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=Test-Client-EC/emailAddress=me@myhost.mydomain"
-openssl ca -batch -config openssl.cnf \
- -out sample-ca/client-ec.crt -in sample-ca/client-ec.csr
-
-# Generate DH parameters
-openssl dhparam -out dh2048.pem 2048
-
-# Copy keys and certs to working directory
-cp sample-ca/*.key .
-cp sample-ca/*.crt .
-cp sample-ca/*.p12 .