From 1078e4cd53ebcb3b4715d003cc328b3943e829c5 Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Sun, 30 Nov 2025 15:59:57 +0100
Subject: [PATCH] password for client cert
---
 tools/create-client-cert.sh | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/tools/create-client-cert.sh b/tools/create-client-cert.sh
index 4d64631..c1996fb 100755
--- a/tools/create-client-cert.sh
+++ b/tools/create-client-cert.sh
@@ -1,14 +1,15 @@
 #!/bin/bash
 set -e
-# Check if client name is provided
-if [ $# -eq 0 ]; then
- echo "Usage: $0 "
- echo "Example: $0 john.doe"
+# Check if client name and password are provided
+if [ $# -lt 2 ]; then
+ echo "Usage: $0 "
+ echo "Example: $0 john.doe mySecurePassword123"
 exit 1
 fi
 CLIENT_NAME="$1"
+P12_PASSWORD="$2"
 # Check if CA exists
 if [ ! -f "ca/ca.crt" ] || [ ! -f "ca/ca.key" ]; then
@@ -47,7 +48,7 @@ openssl pkcs12 -export \
 -in clients/$CLIENT_NAME/$CLIENT_NAME.crt \
 -certfile ca/ca.crt \
 -name "$CLIENT_NAME Home Automation Client" \
- -passout pass:
+ -passout pass:$P12_PASSWORD
 # Set appropriate permissions
 chmod 400 clients/$CLIENT_NAME/$CLIENT_NAME.key
@@ -67,7 +68,7 @@ echo ""
 echo "Installation Instructions:"
 echo "1. Import the PKCS#12 file into your browser/application"
 echo "2. The bundle contains both the client certificate and CA certificate"
-echo "3. No password is set for the PKCS#12 file (you can add one by modifying the -passout parameter)"
+echo "3. Password for PKCS#12 file: $P12_PASSWORD"
 echo ""
 echo "For testing with curl:"
 echo "curl --cert clients/$CLIENT_NAME/$CLIENT_NAME.crt --key clients/$CLIENT_NAME/$CLIENT_NAME.key --cacert ca/ca.crt https://homea2.hottis.de/"
\ No newline at end of file
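Review bot: Taking the PKCS#12 password as `$2` in the first hunk puts it in shell history and in the script's process argument list, where other local users can read it while the script runs; the second hunk then repeats it on openssl's command line through the `pass:` source. Prompting keeps it out of both: `read -rs -p "PKCS#12 password: " P12_PASSWORD; export P12_PASSWORD` here, and `-passout env:P12_PASSWORD` in the openssl call. The `$# -lt 2` check also accepts an empty second argument, which would yield the same unprotected bundle as before this commit, so a `[ -n "$P12_PASSWORD" ]` guard is worth adding.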
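Review bot: `-passout pass:$P12_PASSWORD` in the second hunk is unquoted, so a password containing spaces or glob characters is word-split or expanded before openssl sees it. The bundle then either gets a different password than the one supplied, or openssl fails on the stray arguments. At minimum quote it as `-passout "pass:$P12_PASSWORD"`. The openssl pkcs12 command begins above the hunk, so its earlier arguments are not visible here.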
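Review bot: The new instruction line in the third hunk prints the password in clear text to stdout, so it ends up in terminal scrollback and in any log or file that captures the script's output. The caller already knows the value, so the line can state the fact without repeating the secret: `echo "3. The PKCS#12 file is protected with the password you supplied"`.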