QuantumGhost
10/6/2014 - 8:31 AM


这是几个用来签发证书的脚本。请注意,使用前需要先安装 gnutls;当初主要是为了 ocserv 而写,纯属偷懒。基本上,只要按 ./cert-client.sh your-user-name 这种格式运行,就可以自动生成 your-user-name-key.pem、your-user-name-cert.pem 和 your-user-name.p12。

cn = test
o = "Tyrael Ltd." 
email = test@abc.org
# certtool template for client certificates (presumably the client.tmpl that
# the issuing script on this page reads). That script replaces line 1 (cn)
# and line 3 (email) by line number, so both fields must stay on those lines;
# this header sits below them for that reason.
# NOTE(review): the CA template on this page spells the organization field
# `organization`; confirm certtool also accepts the short form `o` used above.
#
# NOTE(review): this puts the VPN server's host name into a client
# certificate as a DNS name; it looks copied from the server template.
# Confirm it is wanted.
dns_name = "anyconnect.abc.org"
country = CN
state = "Shanghai"
# A serial fixed in the template is reused for every certificate issued from
# it unless the issuing script changes or strips this line. A CRL identifies
# a certificate by issuer and serial number, so client certificates that
# share a serial cannot be revoked one at a time. certtool's template
# documentation says to comment this field out to get a time-based serial.
serial = 3 
# Roughly ten years. Until then, revocation is the only way to withdraw a
# client's access through the PKI, so the serial and CRL handling must work.
expiration_days = 3650
# Key usage: digital signature.
signing_key
# Key usage: key encipherment.
encryption_key #only if the generated key is an RSA one 
# Extended key usage: TLS client authentication, the purpose a VPN client
# certificate needs.
tls_www_client
# NOTE(review): IPsec IKE and time stamping are additional purposes that TLS
# client authentication does not need; consider dropping them so the
# certificate is only valid for what it is used for.
ipsec_ike_key
time_stamping_key
# certtool template for the VPN server certificate (it sets tls_www_server).
# NOTE(review): the CA template on this page spells the organization field
# `organization`; confirm certtool also accepts the short form `o` used below.
cn = "anyconnect.abc.org" 
o = "Tyrael Ltd." 
email = server@abc.org

# Host name placed in the certificate. Clients that verify the server name
# compare it with the name they connect to.
dns_name = "anyconnect.abc.org"
country = CN
state = "Shanghai"

# Serials must be unique per issuing CA; this fixed value is only safe if no
# other certificate from the same CA uses 2 (a re-issued server certificate
# made from this template would).
serial = 2 
# Roughly ten years.
expiration_days = 3650

# Key usage: digital signature.
signing_key 
# Key usage: key encipherment.
encryption_key #only if the generated key is an RSA one 
# Extended key usage: TLS server authentication.
tls_www_server 
# NOTE(review): IPsec IKE and time stamping are additional purposes that a
# TLS server certificate does not need; consider dropping them.
ipsec_ike_key
time_stamping_key
# certtool template for the CA certificate that signs the server and client
# certificates (it sets ca, cert_signing_key and crl_signing_key).
cn = "abc.org VPN CA" 
state = "Shanghai"
country = CN
organization = "Tyrael Ltd." 
serial = 1 
# Roughly ten years, the same lifetime the server and client templates on
# this page use.
expiration_days = 3650
email = "ca@abc.org"
# NOTE(review): a DNS name on a CA certificate looks copied from the server
# template; a CA that only signs certificates and CRLs does not need it.
dns_name = "anyconnect.abc.org"
# Marks the certificate as a certificate authority.
ca 
# NOTE(review): signing_key, encryption_key and ipsec_ike_key add purposes
# beyond signing certificates and CRLs. Consider limiting the CA to
# cert_signing_key and crl_signing_key so its key is not valid for anything
# else.
signing_key 
encryption_key
ipsec_ike_key
# Key usage: signing other certificates.
cert_signing_key 
# Key usage: signing certificate revocation lists.
crl_signing_key 
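#!/bin/sh
#
# cert-client.sh - issue a client key, certificate and PKCS#12 bundle.
#
# Usage: ./cert-client.sh USER-NAME
#
# Reads from the current directory: client.tmpl, ca-cert.pem, ca-key.pem.
# Writes: USER-NAME-key.pem, USER-NAME-cert.pem, USER-NAME.cert.p12.
# Requires certtool (GnuTLS), openssl, awk and mktemp.
#
# ca-key.pem is the CA's private key and is read from the working directory;
# keep that directory readable only by the account that issues certificates.

# Stop at the first failed step instead of signing or bundling with
# half-written inputs.
set -eu

# The key file and the .p12 bundle both contain the client's private key.
umask 077

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

[ "$#" -eq 1 ] || die "usage: $0 user-name"
name=$1

# The name is written into the certificate template and into file names.
# Restricting it to a conservative character set keeps it from adding lines
# to the template (extra directives would change what the CA signs), from
# being parsed as an option, and from pointing outside the current directory.
case $name in
  '' | -* | *[!A-Za-z0-9._-]*) die "invalid user name: $name" ;;
esac

for f in client.tmpl ca-cert.pem ca-key.pem; do
  [ -r "$f" ] || die "missing or unreadable: $f"
done

# Work on a private copy of the template. Editing client.tmpl in place lets
# two concurrent runs overwrite each other's cn/email, which could put one
# user's name into another user's certificate.
tmpl=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$tmpl"' EXIT

# Line 1 of client.tmpl is the cn field and line 3 the email field; both are
# replaced by position, as before. A fixed "serial = N" line is dropped so
# that certtool assigns its own serial: with a shared serial, revoking one
# client certificate by CRL would hit every certificate issued from the
# template.
awk -v name="$name" '
  NR == 1 { print "cn = " name; next }
  NR == 3 { print "email = " name "@abc.org"; next }
  /^[ \t]*serial[ \t]*=/ { next }
  { print }
' client.tmpl >"$tmpl"

certtool --generate-privkey --outfile "${name}-key.pem"

certtool --generate-certificate \
  --load-privkey "${name}-key.pem" \
  --load-ca-certificate ca-cert.pem \
  --load-ca-privkey ca-key.pem \
  --template "$tmpl" \
  --outfile "${name}-cert.pem"

# openssl asks for an export password here; choose a non-empty one, because
# the bundle carries the private key to the client device.
openssl pkcs12 -export \
  -inkey "${name}-key.pem" \
  -in "${name}-cert.pem" \
  -name "${name} VPN Client Cert" \
  -certfile ca-cert.pem \
  -out "${name}.cert.p12"

exit 0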