password for client cert

2025-11-30 15:59:57 +01:00
parent 0c2f3f2e83
commit 1078e4cd53
1 changed files with 7 additions and 6 deletions
--- a/tools/create-client-cert.sh
+++ b/tools/create-client-cert.sh
@@ -1,14 +1,15 @@
 #!/bin/bash
 set -e

-# Check if client name is provided
-if [ $# -eq 0 ]; then
-    echo "Usage: $0 <client-name>"
-    echo "Example: $0 john.doe"
+# Check if client name and password are provided
+if [ $# -lt 2 ]; then
+    echo "Usage: $0 <client-name> <p12-password>"
+    echo "Example: $0 john.doe mySecurePassword123"
    exit 1
 fi

 CLIENT_NAME="$1"
+P12_PASSWORD="$2"

 # Check if CA exists
 if [ ! -f "ca/ca.crt" ] || [ ! -f "ca/ca.key" ]; then
@@ -47,7 +48,7 @@ openssl pkcs12 -export \
    -in clients/$CLIENT_NAME/$CLIENT_NAME.crt \
    -certfile ca/ca.crt \
    -name "$CLIENT_NAME Home Automation Client" \
-    -passout pass:
+    -passout pass:$P12_PASSWORD

 # Set appropriate permissions
 chmod 400 clients/$CLIENT_NAME/$CLIENT_NAME.key
@@ -67,7 +68,7 @@ echo ""
 echo "Installation Instructions:"
 echo "1. Import the PKCS#12 file into your browser/application"
 echo "2. The bundle contains both the client certificate and CA certificate"
-echo "3. No password is set for the PKCS#12 file (you can add one by modifying the -passout parameter)"
+echo "3. Password for PKCS#12 file: $P12_PASSWORD"
 echo ""
 echo "For testing with curl:"
 echo "curl --cert clients/$CLIENT_NAME/$CLIENT_NAME.crt --key clients/$CLIENT_NAME/$CLIENT_NAME.key --cacert ca/ca.crt https://homea2.hottis.de/"