74 lines
2.4 KiB
Bash
Executable File
74 lines
2.4 KiB
Bash
Executable File
#!/bin/bash
|
|
set -e
|
|
|
|
# Check if client name and password are provided
|
|
if [ $# -lt 2 ]; then
|
|
echo "Usage: $0 <client-name> <p12-password>"
|
|
echo "Example: $0 john.doe mySecurePassword123"
|
|
exit 1
|
|
fi
|
|
|
|
CLIENT_NAME="$1"
|
|
P12_PASSWORD="$2"
|
|
|
|
# Check if CA exists
|
|
if [ ! -f "ca/ca.crt" ] || [ ! -f "ca/ca.key" ]; then
|
|
echo "Error: CA not found. Please run setup-ca.sh first."
|
|
exit 1
|
|
fi
|
|
|
|
echo "=== Creating Client Certificate ==="
|
|
echo "Client Name: $CLIENT_NAME"
|
|
|
|
# Create client directory
|
|
mkdir -p clients/$CLIENT_NAME
|
|
|
|
# Generate client private key
|
|
echo "Generating client private key..."
|
|
openssl genrsa -out clients/$CLIENT_NAME/$CLIENT_NAME.key 2048
|
|
|
|
# Generate client certificate signing request
|
|
echo "Generating client certificate signing request..."
|
|
openssl req -new -key clients/$CLIENT_NAME/$CLIENT_NAME.key \
|
|
-out clients/$CLIENT_NAME/$CLIENT_NAME.csr \
|
|
-subj "/DC=de/DC=hottis/DC=homea2/CN=$CLIENT_NAME"
|
|
|
|
# Sign the client certificate
|
|
echo "Signing client certificate..."
|
|
openssl x509 -req -in clients/$CLIENT_NAME/$CLIENT_NAME.csr \
|
|
-CA ca/ca.crt -CAkey ca/ca.key -CAcreateserial \
|
|
-out clients/$CLIENT_NAME/$CLIENT_NAME.crt \
|
|
-days 365 -sha256
|
|
|
|
# Create PKCS#12 bundle
|
|
echo "Creating PKCS#12 bundle..."
|
|
openssl pkcs12 -export \
|
|
-out clients/$CLIENT_NAME/$CLIENT_NAME.p12 \
|
|
-inkey clients/$CLIENT_NAME/$CLIENT_NAME.key \
|
|
-in clients/$CLIENT_NAME/$CLIENT_NAME.crt \
|
|
-certfile ca/ca.crt \
|
|
-name "$CLIENT_NAME Home Automation Client" \
|
|
-passout pass:$P12_PASSWORD
|
|
|
|
# Set appropriate permissions
|
|
chmod 400 clients/$CLIENT_NAME/$CLIENT_NAME.key
|
|
chmod 644 clients/$CLIENT_NAME/$CLIENT_NAME.crt
|
|
chmod 644 clients/$CLIENT_NAME/$CLIENT_NAME.p12
|
|
|
|
# Verify client certificate
|
|
echo "Verifying client certificate..."
|
|
openssl x509 -noout -text -in clients/$CLIENT_NAME/$CLIENT_NAME.crt
|
|
|
|
echo ""
|
|
echo "=== Client Certificate Created ==="
|
|
echo "Client Certificate: clients/$CLIENT_NAME/$CLIENT_NAME.crt"
|
|
echo "Client Private Key: clients/$CLIENT_NAME/$CLIENT_NAME.key"
|
|
echo "PKCS#12 Bundle: clients/$CLIENT_NAME/$CLIENT_NAME.p12"
|
|
echo ""
|
|
echo "Installation Instructions:"
|
|
echo "1. Import the PKCS#12 file into your browser/application"
|
|
echo "2. The bundle contains both the client certificate and CA certificate"
|
|
echo "3. Password for PKCS#12 file: $P12_PASSWORD"
|
|
echo ""
|
|
echo "For testing with curl:"
|
|
echo "curl --cert clients/$CLIENT_NAME/$CLIENT_NAME.crt --key clients/$CLIENT_NAME/$CLIENT_NAME.key --cacert ca/ca.crt https://homea2.hottis.de/" |