Last active
March 26, 2024 16:05
-
-
Save otsuka752/e51a400af5783285b8aa0f4216e0ec05 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ########## CHANGE ME ########## | |
| # | |
| # names of CAs for "auto" | |
| # | |
| auto_base_root='root00' | |
| auto_base_inter_CAs='inter01 inter02 inter03' | |
| # | |
| # names of CAs for "auto-cross" | |
| # | |
| auto_cross_base_root='root10' | |
| auto_cross_base_inter_3L='inter11' | |
| auto_cross_base_inter_4L='inter12' | |
| auto_cross_cross_ca='cross' # not RootCA and not self-signed, but InterCA and signed by another CA | |
| auto_cross_dest_root='root20' | |
| auto_cross_dest_inter_3L='inter21' | |
| auto_cross_dest_inter_4L='inter22' | |
| ########## CHANGE ME ########## | |
| ########## CHANGE LOG ########## | |
| # 2024-03-26 : add '--batch' for v3.1.7 | |
| # ./easyrsa build-server-full www.example.jp nopass => ./easyrsa --batch build-server-full www.example.jp nopass | |
| # ./easyrsa build-client-full www.example.jp nopass => ./easyrsa --batch build-client-full www.example.jp nopass | |
| ########## CHANGE LOG ########## | |
| # | |
| # URL of OpenVPN/easy-rsa (git and zip) | |
| # | |
| URL_OpenVPN_easy_rsa_git='https://github.com/OpenVPN/easy-rsa.git' | |
| URL_OpenVPN_easy_rsa_zip='https://github.com/OpenVPN/easy-rsa/archive/master.zip' | |
| # | |
| # usage_all() | |
| # | |
| usage_all() { | |
| debug_ "usage_all() : $@" | |
| cat <<EOF | |
| NAME | |
| easyrsa-wrapper | |
| DESCRIPTION | |
| wrapper script of Easy-RSA 3 | |
| SYNOPSIS | |
| ./easyrsa-wrapper (sub-command) (options) | |
| ./easyrsa-wrapper help (sub-command) | |
| ./easyrsa-wrapper auto dir-0 | |
| ./easyrsa-wrapper auto-cross dir-1 dir-2 | |
| ./easyrsa-wrapper auto-simple dir RootCA InterCA(s) | |
| ./easyrsa-wrapper my-build-rootca dir CA | |
| ./easyrsa-wrapper my-build-interca dir CA | |
| ./easyrsa-wrapper my-build-crossca base-dir base-CA dest-dir signing-CA | |
| ./easyrsa-wrapper my-sign-req dir signed-ca signing-ca | |
| EXAMPLE | |
| ./easyrsa-wrapper auto /tmp/dir-0 | |
| ./easyrsa-wrapper auto-cross /tmp/dir-1 /tmp/dir-2 | |
| ./easyrsa-wrapper auto-simple /tmp/dir RootCA InterCA-1 InterCA-2 InterCA-3 | |
| ./easyrsa-wrapper my-build-rootca /tmp/dir RootCA | |
| ./easyrsa-wrapper my-build-interca /tmp/dir InterCA | |
| ./easyrsa-wrapper my-build-crossca /tmp/base-dir base-CA /tmp/dest-dir signing-CA | |
| ./easyrsa-wrapper my-sign-req /tmp/dir InterCA RootCA | |
| OPTIONS | |
| This script try to "git clone" or "curl/wget master.zip" every time by default. | |
| Set "EASYRSA_WRAPPER_TEMPLATE" (environment variable) to use local tree as template, | |
| Try below: | |
| $ mkdir /tmp/my-template | |
| $ cd /tmp/my-template/ | |
| To use local tree as template, you need run only one of the following commands: | |
| $ git clone ${URL_OpenVPN_easy_rsa_git} | |
| $ curl -L ${URL_OpenVPN_easy_rsa_zip} -o master.zip | |
| $ wget ${URL_OpenVPN_easy_rsa_zip} | |
| $ export EASYRSA_WRAPPER_TEMPLATE=/tmp/my-template | |
| $ ./easyrsa-wrapper auto /tmp/dir-0 | |
| SEE ALSO | |
| OpenVPN/easy-rsa https://github.com/OpenVPN/easy-rsa | |
| Easy-RSA 3 https://community.openvpn.net/openvpn/wiki/EasyRSA | |
| NOTICE | |
| This script does *NOT* execute openssl (OpenSSL command line tool) directly now | |
| Use absolute path such as /home/ec2-user/repo (relative path such as ./repo is NOT supported) | |
| EOF | |
| } # => usage_all() | |
| # | |
| # usage_my_auto_simple() | |
| # | |
| usage_my_auto_simple() { | |
| debug_ "usage_my_auto_simple() : $@" | |
| cat <<EOF | |
| NAME | |
| auto-simple | |
| DESCRIPTION | |
| build RootCA and InterCA(s) automatically | |
| EXAMPLES | |
| ./easyrsa-wrapper auto-simple (dir/absolute-path) RootCA InterCA-1 InterCA-2 InterCA-3 ... | |
| ./easyrsa-wrapper auto-simple /home/ec2-user/repo RootCA InterCA-1 InterCA-2 InterCA-3 ... | |
| REPOSITORIES | |
| in /home/ec2-user/repo/ | |
| RootCA -- InterCA-1 -- (EE) | |
| +- InterCA-2 -- (EE) | |
| +- InterCA-3 -- (EE) | |
| ... | |
| +- InterCA-n -- (EE) | |
| ... | |
| HOW TO ISSUE EE CERTIFICATES | |
| cd /home/ec2-user/repo/InterCA-1/ (or InterCA-2 or InterCA-3 ...) | |
| cd ./easy-rsa/easyrsa3/ | |
| ./easyrsa --batch build-client-full client.sub.example.jp nopass | |
| ./easyrsa --batch build-client-full server.sub.example.jp nopass | |
| NOTICE | |
| Use absolute path such as /home/ec2-user/repo (relative path such as ./repo is NOT supported) | |
| EOF | |
| } # => usage_my_auto_simple() | |
| # | |
| # usage_my_auto() | |
| # | |
| usage_my_auto() { | |
| debug_ "usage_my_auto() : $@" | |
| cat <<EOF | |
| NAME | |
| auto | |
| DESCRIPTION | |
| build x1 Certificate tree using specific CA-names below: | |
| CA-names : "${auto_base_root} ${auto_base_inter_CAs}" | |
| you can change the CA-names by editing "auto_base_root" and "auto_base_InterCAs" in this script. | |
| EXAMPLES | |
| ./easyrsa-wrapper auto dir-0 | |
| ./easyrsa-wrapper auto /home/ec2-user/repo0 | |
| REPOSITORIES | |
| in /home/ec2-user/repo0/ | |
| root10 -- inter01 -- (EE) | |
| +- inter02 -- (EE) | |
| +- inter03 -- (EE) | |
| +- inter04 -- (EE) | |
| HOW TO ISSUE EE CERTIFICATES | |
| cd /home/ec2-user/repo0/inter01/ (or inter02 or inter03 or inter04) | |
| cd ./easy-rsa/easyrsa3/ | |
| ./easyrsa --batch build-client-full client.sub.example.jp nopass | |
| ./easyrsa --batch build-client-full server.sub.example.jp nopass | |
| NOTICE | |
| Use absolute path such as /home/ec2-user/repo (relative path such as ./repo is NOT supported) | |
| EOF | |
| } # => usage_my_auto() | |
| # | |
| # usage_my_auto_cross() | |
| # | |
| usage_my_auto_cross() { | |
| debug_ "usage_my_auto_cross() : $@" | |
| cat <<EOF | |
| NAME | |
| auto-cross | |
| DESCRIPTION | |
| build x2 Certificate trees using CrossRootCA with specific CA-names below: | |
| CA-names : ${auto_cross_base_root} ${auto_cross_base_inter_3L} ${auto_cross_base_inter_4L} \ | |
| ${auto_cross_cross_ca} ${auto_cross_dest_root} ${auto_cross_dest_inter_3L} ${auto_cross_dest_inter_4L} | |
| you can change the CA-names by editing "auto_crosss_XXX" in this script. | |
| EXAMPLES | |
| ./easyrsa-wrapper auto-cross dir-1 dir-2 | |
| ./easyrsa-wrapper auto-cross /home/ec2-user/repo1 /home/ec2-user/repo2 | |
| REPOSITORIES | |
| in /home/ec2-user/repo1/ | |
| root10 ----------- inter11 -- (EE) | |
| +- cross -- inter12 -- (EE) | |
| in /home/ec2-user/repo2/ | |
| root20 ----------- inter21 -- (EE) | |
| +- cross -- inter22 -- (EE) | |
| Note: issuer of inter22 are both cross(root10) and cross(root20) | |
| HOW TO ISSUE EE CERTIFICATES | |
| cd /home/ec2-user/repo1/inter11/ (or inter12 or inter21 or inter22) | |
| cd ./easy-rsa/easyrsa3/ | |
| ./easyrsa --batch build-client-full client.sub.example.jp nopass | |
| ./easyrsa --batch build-client-full server.sub.example.jp nopass | |
| NOTICE | |
| Use absolute path such as /home/ec2-user/repo (relative path such as ./repo is NOT supported) | |
| EOF | |
| } # => usage_my_auto_cross() | |
| # | |
| # usage_my_build_rootca() | |
| # | |
| usage_my_build_rootca() { | |
| debug_ "usage_my_build_rootca() : $@" | |
| cat <<EOF | |
| NAME | |
| my-build-rootca | |
| DESCRIPTION | |
| build RootCA who has self-signed certificate | |
| EXAMPLES | |
| ./easyrsa-wrapper my-build-rootca (dir) (name-of-RootCA) | |
| ./easyrsa-wrapper my-build-rootca /home/ec2-user/repo RootCA | |
| REPOSITORIES | |
| in /home/ec2-user/repo1/ | |
| RootCA (self-signed) | |
| NOTICE | |
| Use absolute path such as /home/ec2-user/repo (relative path such as ./repo is NOT supported) | |
| EOF | |
| } # => usage_my_build_rootca() | |
| # | |
| # usage_my_build_interca() | |
| # | |
| usage_my_build_interca() { | |
| debug_ "usage_my_build_interca() : $@" | |
| cat <<EOF | |
| NAME | |
| my-build-interca | |
| DESCRIPTION | |
| build non-signed InterCA or CrossRootCA | |
| EXAMPLES | |
| ./easyrsa-wrapper my-build-interca (dir) (name-of-InterCA or CrossRootCA) | |
| ./easyrsa-wrapper my-build-interca /home/ec2-user/repo InterCA | |
| HOW TO ISSUE EE CERTIFICATES | |
| you have to execute "my-sign-req" or "my_build_crossca" to issue certificates | |
| NOTICE | |
| Use absolute path such as /home/ec2-user/repo (relative path such as ./repo is NOT supported) | |
| EOF | |
| } # => usage_my_build_interca() | |
| # | |
| # usage_my_sign_req() | |
| # | |
| usage_my_sign_req() { | |
| debug_ "usage_my_sign_req() : $@" | |
| cat <<EOF | |
| NAME | |
| my-sign-req | |
| DESCRIPTION | |
| signing-ca sign CSR(*.req) of signed-ca with CA:true | |
| use build-client-full or build-server-full to create EE cert(s) | |
| EXAMPLES | |
| ./easyrsa-wrapper my-sign-req /home/ec2-user/repo signed-ca signing-ca | |
| ./easyrsa-wrapper my-sign-req /home/ec2-user/repo InterCA RootCA | |
| ./easyrsa-wrapper my-sign-req /home/ec2-user/repo InterCA InterCA2 | |
| NOTICE | |
| Use absolute path such as /home/ec2-user/repo (relative path such as ./repo is NOT supported) | |
| EOF | |
| } # => usage_my_sign_req() | |
| # | |
| # usage_my_build_crossca() | |
| # | |
| usage_my_build_crossca() { | |
| debug_ "usage_my_build_crossca() : $@" | |
| cat <<EOF | |
| NAME | |
| my-build-crossca | |
| DESCRIPTION | |
| build CrossRoot Inter-CA (*NOT* RootCA but InterCA) | |
| (want to build self-signed CrossRootCA using only OpenVPN/easy-rsa but I can't it now) | |
| EXAMPLES | |
| ./easyrsa-wrapper my-build-crossca (base-dir) (base-ca) (dest-dir) (signing-ca) | |
| ./easyrsa-wrapper my-build-crossca /home/ec2-user/repo CrossRoot /home/ec2-user/another-repo RootCA | |
| ./easyrsa-wrapper my-build-crossca /home/ec2-user/repo CrossRoot /home/ec2-user/another-repo InterCA | |
| NOTICE | |
| Use absolute path such as /home/ec2-user/repo (relative path such as ./repo is NOT supported) | |
| EOF | |
| } # => usage_my_build_crossca() | |
| ### usage_end ### | |
| print() { printf "%s\n" "$*"; printf "\n" || exit 1; } | |
| die() { | |
| tput setaf 1 | |
| print " | |
| ### | |
| ### easyrsa-wrapper error: | |
| ### | |
| $1" 1>&2 | |
| tput sgr0 | |
| exit "${2:-1}" | |
| } # => die() | |
| # | |
| # print messages in color / 0:black 1:red 2:green 3:yellow 4:blue 5:magenta 6:cyan 7:white | |
| # | |
| message_() { message2_ "$@"; } | |
| message1_() { tput setaf 1; tput bold; echo -e "$@"; tput sgr0; } | |
| message2_() { tput setaf 2; tput bold; echo -e "$@"; tput sgr0; } | |
| message5_() { tput setaf 5; tput bold; echo -e "$@"; tput sgr0; } | |
| debug_() { [ "${EASYRSA_WRAPPER_DEBUG:x}" ] && message1_ "$@"; } | |
| # | |
| # easyrsa_prepare_check() | |
| # | |
| easyrsa_prepare_check() { | |
| debug_ "easyrsa_prepare_check() : $@" | |
| if [ "$#" -ne 2 ]; then | |
| die "Error: number of arguments is wrong at easyrsa_prepare_check()" | |
| fi | |
| dir="$1"; ca="$2" | |
| if [ ! -d "${dir}/${ca}" ]; then | |
| return 2 ### not prepared, create_template_in_dir() | |
| else | |
| ### check check check ### | |
| return 0 ### already prepared or used/dirty-dir, not run create_template_in_dir() | |
| fi | |
| } # => easyrsa_prepare_check() | |
| # | |
| # create_template_in_dir() | |
| # | |
| create_template_in_dir() { | |
| debug_ "create_template_in_dir() : $@" | |
| if [ "$#" -ne 2 ]; then | |
| die "Error: number of arguments is wrong at create_template_in_dir()" | |
| fi | |
| dir="$1"; ca="$2" | |
| mkdir -p "${dir}/${ca}" || die "Error: could not mkdir(make dir) ${dir}" | |
| ( cd "${dir}/${ca}" || rmdir "${dir}/${ca}" ) || die "Error: could not cd(change dir) to ${dir}" | |
| test ! -e "${dir}/${ca}/easy-rsa" || die "Error: "easy-rsa" has already exist" | |
| ### use local-template at "${EASYRSA_WRAPPER_TEMPLATE}" | |
| if [ -n "${EASYRSA_WRAPPER_TEMPLATE}" ]; then | |
| debug_ "ENV : EASYRSA_WRAPPER_TEMPLATE != 0 : using local-template" | |
| set -u | |
| cd "${dir}/${ca}/" || die "Error: can not cd" | |
| ( cp -a "${EASYRSA_WRAPPER_TEMPLATE}/easy-rsa" ./easy-rsa ) 2> /dev/null || \ | |
| ( cp -a "${EASYRSA_WRAPPER_TEMPLATE}/easy-rsa-master" ./easy-rsa ) 2> /dev/null || \ | |
| ( unzip "${EASYRSA_WRAPPER_TEMPLATE}/master.zip" && mv easy-rsa{-master,} ) 2> /dev/null || \ | |
| die "Error: file(s) in 'EASYRSA_WRAPPER_TEMPLATE=${EASYRSA_WRAPPER_TEMPLATE}' are NOT valid" | |
| set +u | |
| else | |
| ### don't use local-template and "git clone" or "curl/wget" | |
| debug_ "download_template "${dir}" "${ca}"" | |
| download_template "${dir}" "${ca}" || die "Error: could not download" | |
| fi | |
| } # => create_template_in_dir() | |
| # | |
| # download_template() | |
| # if not set "${EASYRSA_WRAPPER_TEMPLATE}" use "git clone" or "curl/wget" | |
| # | |
| download_template() { | |
| debug_ "download_template() : $@" | |
| if [ "$#" -ne 2 ]; then | |
| die "Error: number of arguments is wrong at download_template()" | |
| fi | |
| dir="$1"; ca="$2" | |
| mkdir -p "${dir}/${ca}" || die "Error: could not mkdir(make dir) ${dir}" | |
| ( cd "${dir}/${ca}" || rmdir "${dir}/${ca}" ) || die "Error: could not cd(change dir) to ${dir}" | |
| test ! -e "${dir}/${ca}/easy-rsa" || die "Error: "easy-rsa" has already exist" | |
| ### git or curl or wget | |
| cd "${dir}/${ca}" || die "Error: could not cd(change dir) to ${dir}" | |
| if $(type git > /dev/null 2>&1); then | |
| debug_ "download_template() : git clone "${URL_OpenVPN_easy_rsa_git}"" | |
| ( git clone "${URL_OpenVPN_easy_rsa_git}" ) || die "Error: failed at "git clone"" | |
| elif $(type curl > /dev/null 2>&1); then | |
| debug_ "download_template() : curl -L "${URL_OpenVPN_easy_rsa_zip}"" | |
| ( curl -L "${URL_OpenVPN_easy_rsa_zip}" -o master.zip && \ | |
| unzip master.zip && \ | |
| mv easy-rsa-master easy-rsa ) || die "Error: failed at "curl"" | |
| elif $(type wget > /dev/null 2>&1); then | |
| debug_ "download_template() : wget "${URL_OpenVPN_easy_rsa_zip}"" | |
| ( wget "${URL_OpenVPN_easy_rsa_zip}" && \ | |
| unzip master.zip && \ | |
| mv easy-rsa-master easy-rsa ) || die "Error: failed at "wget"" | |
| else | |
| die "Error: all of \"git, curl, wget\" command not found" | |
| fi | |
| } # => download_template() | |
| # | |
| # my_build_rootca() { | |
| # | |
| # ./easyrsa-wrapper my-build-rootca dir CA | |
| # ./easyrsa-wrapper my-build-rootca /tmp/dir RootCA | |
| # | |
| my_build_rootca() { | |
| debug_ "my_build_rootca() : $@" | |
| if [ "$#" -ne 2 ]; then | |
| usage_my_build_rootca | |
| die "Error: number of arguments is wrong at my_build_rootca()" | |
| fi | |
| dir="$1"; ca="$2" | |
| easyrsa_prepare_check "${dir}" "${ca}" || create_template_in_dir "${dir}" "${ca}" | |
| cd "${dir}/${ca}/easy-rsa/easyrsa3" || die "Error: can not cd(change dir) to "${dir}/${ca}/easy-rsa/easyrsa3"" | |
| ./easyrsa init-pki | |
| message_ "###\n### [easyrsa-wrapper] creating RootCA" | |
| message_ "###\n###\tdir :\t\t${dir}\n" | |
| message_ "###\tCN :\t\t${ca}\n###\n" | |
| debug_ "./easyrsa --batch --req-cn="$ca" build-ca nopass" | |
| ./easyrsa --batch --req-cn="$ca" build-ca nopass | |
| } # => my_build_rootca() | |
| # | |
| # my_build_interca() | |
| # | |
| # ./easyrsa-wrapper my-build-interca dir CA | |
| # ./easyrsa-wrapper my-build-interca /tmp/dir InterCA | |
| # | |
| my_build_interca() { | |
| debug_ "my_build_interca() : $@" | |
| if [ "$#" -ne 2 ]; then | |
| usage_my_build_interca | |
| die "Error: number of arguments is wrong at my_build_interca()" | |
| fi | |
| dir="$1"; ca="$2" | |
| easyrsa_prepare_check "${dir}" "${ca}" || create_template_in_dir "${dir}" "${ca}" | |
| cd "${dir}/${ca}/easy-rsa/easyrsa3" || die "Error: can not cd(change dir) to "${dir}/${ca}/easy-rsa/easyrsa3"" | |
| ./easyrsa init-pki | |
| message_ "###" | |
| message_ "### [easyrsa-wrapper] creating InterCA or CrossRootCA" | |
| message_ "###" | |
| message_ "###\tdir :\t\t${dir}\n###\tCN :\t\t${ca}" | |
| message_ "###\n" | |
| debug_ "./easyrsa --batch --req-cn="$ca" build-ca subca nopass" | |
| ./easyrsa --batch --req-cn="$ca" build-ca subca nopass | |
| } # => my_build_interca() | |
| # | |
| # my_sign_req() | |
| # | |
| # ./easyrsa-wrapper my-sign-req dir signed-ca signing-ca | |
| # ./easyrsa-wrapper my-sign-req /tmp/dir InterCA RootCA | |
| # | |
| my_sign_req() { | |
| debug_ "my_sign_req() : $@" | |
| if [ "$#" -ne 3 ]; then | |
| usage_my_sign_req | |
| die "Error: number of arguments is wrong at my_build_interca()" | |
| fi | |
| dir="$1"; ca="$2"; ca_issuer="$3" | |
| cd "${dir}/${ca_issuer}/easy-rsa/easyrsa3/pki/reqs/" | |
| ln -s "${dir}/${ca}/easy-rsa/easyrsa3/pki/reqs/ca.req" "${ca}.req" | |
| cd "${dir}/${ca_issuer}/easy-rsa/easyrsa3/" | |
| message_ "###\n### [easyrsa-wrapper] signing CSR(*.req)\n###\n" | |
| message_ "###\tdir :\t\t"$dir"\n###\tsubject :\t"$ca"\n###\tissuer :\t"$ca_issuer"\n###\n" | |
| debug_ "./easyrsa --batch sign-req ca "${ca}"" | |
| ./easyrsa --batch sign-req ca "${ca}" | |
| ln -s "${dir}/${ca_issuer}/easy-rsa/easyrsa3/pki/issued/${ca}.crt" "${dir}/${ca}/easy-rsa/easyrsa3/pki/ca.crt" | |
| } # => my_sign_req() | |
| # | |
| # my_build_crossca() { | |
| # | |
| # ./easyrsa-wrapper auto-cross dir-1 dir-2 | |
| # ./easyrsa-wrapper auto-cross /tmp/dir-1 /tmp/dir-2 | |
| # | |
| my_build_crossca() { | |
| debug_ "my_build_crossca() : $@" | |
| if [ "$#" -ne 4 ]; then | |
| usage_my_build_crossca | |
| die "Error: number of arguments is wrong at my_build_crossca()" | |
| fi | |
| base_dir="$1"; base_ca="$2"; sign_dir="$3"; sign_ca="$4" | |
| to_ca=${base_ca} ### ${to_ca} is same as ${base_ca} | |
| cp -a "${base_dir}/${base_ca}" "${sign_dir}/${to_ca}" || die "Error: can not copy to ${sign_dir}/${base_ca}" | |
| cd "${sign_dir}/${to_ca}/easy-rsa/easyrsa3/pki/" || die "Error: can not cd to ${to_ca}" | |
| mv ca.crt ca.crt.BASE-of-CROSS || die "Error: can not move ca.crt" | |
| my_sign_req "${sign_dir}" "${to_ca}" "${sign_ca}" || die "Error: sign my_sign_req() in my_build_crossca()" | |
| } # => my_build_crossca() | |
| # | |
| # my_auto() | |
| # | |
| # ./easyrsa-wrapper auto dir-0 | |
| # ./easyrsa-wrapper auto /tmp/dir-0 | |
| # | |
| my_auto() { | |
| debug_ "my_auto() : $@" | |
| if [ "$#" -ne 1 ]; then | |
| usage_my_auto | |
| die "Error: number of arguments is wrong" | |
| fi | |
| dir="$1" | |
| my_auto_simple $(echo "${dir}" "${auto_base_root}" "${auto_base_inter_CAs}") | |
| message5_ "###" | |
| message5_ "### [easyrsa-wrapper] issuing sample client and server certificate..." | |
| message5_ "###" | |
| ### base ### | |
| for ca in ${auto_base_inter_CAs}; do | |
| message5_ "cd ${dir}/${ca}/easy-rsa/easyrsa3/" | |
| cd ${dir}/${ca}/easy-rsa/easyrsa3/ | |
| message5_ "./easyrsa --batch build-client-full client-$$.sub.example.jp nopass" | |
| ./easyrsa --batch build-client-full client-$$.sub.example.jp nopass | |
| message5_ "./easyrsa --batch build-server-full server-$$.sub.example.jp nopass" | |
| ./easyrsa --batch build-server-full server-$$.sub.example.jp nopass | |
| done | |
| ### print how to check issuered cert(s) | |
| message5_ "###" | |
| message5_ "### [easyrsa-wrapper] already issuered sample client and server certificate(s). try below:" | |
| message5_ "###\n" | |
| for ca in ${auto_base_inter_CAs}; do | |
| message5_ "openssl x509 -noout -text -in ${dir}/${ca}/easy-rsa/easyrsa3/pki/issued/client-$$.sub.example.jp.crt" | |
| message5_ "openssl x509 -noout -text -in ${dir}/${ca}/easy-rsa/easyrsa3/pki/issued/server-$$.sub.example.jp.crt" | |
| done; echo | |
| ### print how to sign / to sign by InterCA(s) | |
| message5_ "###" | |
| message5_ "### [easyrsa-wrapper] to sign by 'InterCA(s)' try below:" | |
| message5_ "###\n" | |
| for ca in ${auto_base_inter_CAs}; do | |
| message5_ "cd ${dir}/${ca_inter}/easy-rsa/easyrsa3/" | |
| message5_ "./easyrsa --batch build-client-full client.sub.example.jp nopass" | |
| message5_ "./easyrsa --batch build-server-full server.sub.example.jp nopass" | |
| message5_ "" | |
| done; echo | |
| } # => my_auto() | |
| # | |
| # my_auto_cross() | |
| # | |
| # ./easyrsa-wrapper auto-cross dir-1 dir-2 | |
| # ./easyrsa-wrapper auto-cross /tmp/dir-1 /tmp/dir-2 | |
| # | |
| my_auto_cross() { | |
| debug_ "my_auto_cross() : $@" | |
| if [ "$#" -ne 2 ]; then | |
| usage_my_auto_cross | |
| die "Error: number of arguments is wrong" | |
| fi | |
| auto_cross_base_dir="$1"; auto_cross_dest_dir="$2" | |
| my_auto_simple "$auto_cross_base_dir" "$auto_cross_base_root" "$auto_cross_base_inter_3L" "$auto_cross_cross_ca" | |
| my_build_interca "$auto_cross_base_dir" "$auto_cross_base_inter_4L" | |
| my_sign_req "$auto_cross_base_dir" "$auto_cross_base_inter_4L" "$auto_cross_cross_ca" | |
| my_auto_simple "$auto_cross_dest_dir" "$auto_cross_dest_root" "$auto_cross_dest_inter_3L" | |
| my_build_crossca "$auto_cross_base_dir" "$auto_cross_cross_ca" "$auto_cross_dest_dir" "$auto_cross_dest_root" | |
| my_build_interca "$auto_cross_dest_dir" "$auto_cross_dest_inter_4L" | |
| my_sign_req "$auto_cross_dest_dir" "$auto_cross_dest_inter_4L" "$auto_cross_cross_ca" | |
| message5_ "###" | |
| message5_ "### [easyrsa-wrapper] now issuing sample client and server certificate..." | |
| message5_ "###" | |
| ### base ### | |
| for ca in "${auto_cross_base_inter_3L}" "${auto_cross_base_inter_4L}"; do | |
| message5_ "cd ${auto_cross_base_dir}/${ca}/easy-rsa/easyrsa3/" | |
| cd ${auto_cross_base_dir}/${ca}/easy-rsa/easyrsa3/ | |
| message5_ "./easyrsa --batch build-client-full client-$$.sub.example.jp nopass" | |
| ./easyrsa --batch build-client-full client-$$.sub.example.jp nopass | |
| message5_ "./easyrsa --batch build-server-full server-$$.sub.example.jp nopass" | |
| ./easyrsa --batch build-server-full server-$$.sub.example.jp nopass | |
| done | |
| ### dest ### | |
| for ca in "${auto_cross_dest_inter_3L}" "${auto_cross_dest_inter_4L}"; do | |
| message5_ "cd ${auto_cross_dest_dir}/${ca}/easy-rsa/easyrsa3/" | |
| cd ${auto_cross_dest_dir}/${ca}/easy-rsa/easyrsa3/ | |
| message5_ "./easyrsa --batch build-client-full client-$$.sub.example.jp nopass" | |
| ./easyrsa --batch build-client-full client-$$.sub.example.jp nopass | |
| message5_ "./easyrsa --batch build-server-full server-$$.sub.example.jp nopass" | |
| ./easyrsa --batch build-server-full server-$$.sub.example.jp nopass | |
| done; echo | |
| message5_ "###" | |
| message5_ "### [easyrsa-wrapper] already issuered sample client and server certificate. try below:" | |
| message5_ "###\n" | |
| ### base ### | |
| for ca in "${auto_cross_base_inter_3L}" "${auto_cross_base_inter_4L}"; do | |
| message5_ "openssl x509 -noout -text -in ${auto_cross_base_dir}/${ca}/easy-rsa/easyrsa3/pki/issued/client-$$.sub.example.jp.crt" | |
| message5_ "openssl x509 -noout -text -in ${auto_cross_base_dir}/${ca}/easy-rsa/easyrsa3/pki/issued/server-$$.sub.example.jp.crt" | |
| done | |
| ### dest ### | |
| for ca in "${auto_cross_dest_inter_3L}" "${auto_cross_dest_inter_4L}"; do | |
| message5_ "openssl x509 -noout -text -in ${auto_cross_dest_dir}/${ca}/easy-rsa/easyrsa3/pki/issued/client-$$.sub.example.jp.crt" | |
| message5_ "openssl x509 -noout -text -in ${auto_cross_dest_dir}/${ca}/easy-rsa/easyrsa3/pki/issued/server-$$.sub.example.jp.crt" | |
| done; echo | |
| # print how to sign / to sign by InterCA(s) | |
| message5_ "###" | |
| message5_ "### [easyrsa-wrapper] to sign by 'InterCA(s)' try below:" | |
| message5_ "###\n" | |
| for ca in "${auto_cross_base_inter_3L}" "${auto_cross_base_inter_4L}"; do | |
| message5_ "cd ${auto_cross_base_dir}/${ca}/easy-rsa/easyrsa3/" | |
| message5_ "./easyrsa --batch build-client-full client.sub.example.jp nopass" | |
| message5_ "./easyrsa --batch build-server-full server.sub.example.jp nopass" | |
| done | |
| for ca in "${auto_cross_dest_inter_3L}" "${auto_cross_dest_inter_4L}"; do | |
| message5_ "cd ${auto_cross_dest_dir}/${ca}/easy-rsa/easyrsa3/" | |
| message5_ "./easyrsa --batch build-client-full client.sub.example.jp nopass" | |
| message5_ "./easyrsa --batch build-server-full server.sub.example.jp nopass" | |
| done | |
| } # => auto_crossca() | |
| # | |
| # auto_simple() | |
| # | |
| # ./easyrsa-wrapper auto-simple dir RootCA InterCA(s) | |
| # ./easyrsa-wrapper auto-simple /tmp/dir RootCA InterCA-1 InterCA-2 InterCA-3 | |
| # | |
| my_auto_simple() { | |
| debug_ "my_auto_simple() : $@" | |
| if [ "$#" -le 1 ]; then | |
| usage_my_auto_simple | |
| die "Error: number of arguments is wrong at my_auto_simple()" | |
| fi | |
| # "$@" = (dir) (RootCA) (InterCA-1) (InterCA-2) (InterCA-3) | |
| # dir=(dir); shift | |
| # ca_root=(RootCA); shift | |
| # "$@" = "InterCA-1" "InterCA-2" "InterCA-3" | |
| dir="$1"; shift; ca_root="$1"; shift | |
| my_build_rootca "${dir}" "${ca_root}" | |
| for ca_inter in "$@"; do my_build_interca "${dir}" "${ca_inter}"; done | |
| for ca_inter in "$@"; do my_sign_req "${dir}" "${ca_inter}" "${ca_root}"; done | |
| ### print in my_auto() | |
| xxx() { | |
| message5_ "###" | |
| message5_ "### [easyrsa-wrapper] issuing sample client and server certificate..." | |
| message5_ "###" | |
| for ca_inter in "$@"; do | |
| message5_ "cd ${dir}/${ca_inter}/easy-rsa/easyrsa3/" | |
| cd ${dir}/${ca_inter}/easy-rsa/easyrsa3/ | |
| message5_ "./easyrsa --batch build-client-full client-$$.sub.example.jp nopass" | |
| ./easyrsa --batch build-client-full client-$$.sub.example.jp nopass | |
| message5_ "./easyrsa --batch build-server-full server-$$.sub.example.jp nopass" | |
| ./easyrsa --batch build-server-full server-$$.sub.example.jp nopass | |
| done; echo | |
| message5_ "###" | |
| message5_ "### [easyrsa-wrapper] issuered sample client and server certificate. try below:" | |
| message5_ "###\n" | |
| for ca_inter in "$@"; do | |
| message5_ "openssl x509 -noout -text -in ${dir}/${ca_inter}/easy-rsa/easyrsa3/pki/issued/client-$$.sub.example.jp.crt" | |
| message5_ "openssl x509 -noout -text -in ${dir}/${ca_inter}/easy-rsa/easyrsa3/pki/issued/server-$$.sub.example.jp.crt" | |
| done; echo | |
| # print how to sign / to sign by InterCA(s) | |
| message5_ "###" | |
| message5_ "### [easyrsa-wrapper] to sign by 'InterCA(s)' try below:" | |
| message5_ "###\n" | |
| for ca_inter in "$@"; do | |
| message5_ "cd ${dir}/${ca_inter}/easy-rsa/easyrsa3/" | |
| message5_ "./easyrsa --batch build-client-full client.sub.example.jp nopass" | |
| message5_ "./easyrsa --batch build-server-full server.sub.example.jp nopass" | |
| message5_ "" | |
| done; echo | |
| } # => xxx() | |
| } # => my_auto_simple() | |
| # | |
| # cmd_help() | |
| # | |
| cmd_help() { | |
| debug_ "cmd_help() : $@" | |
| case "$1" in | |
| auto) | |
| usage_my_auto; ;; | |
| auto-cross) | |
| usage_my_auto_cross; ;; | |
| auto-simple) | |
| usage_my_auto_simple; ;; | |
| my-build-rootca) | |
| usage_my_build_rootca; ;; | |
| my-build-interca) | |
| usage_my_build_interca; ;; | |
| my-build-crossca) | |
| usage_my_build_crossca; ;; | |
| my-sign-req) | |
| usage_my_sign_req; ;; | |
| *) | |
| usage_all; ;; | |
| esac | |
| } # => cmd_help() | |
| # | |
| # main() | |
| # | |
| debug_ "main() : $@" | |
| cmd="$1" | |
| [ -n "$1" ] && shift ### scrape off command | |
| case "${cmd}" in | |
| auto) | |
| my_auto "$@" | |
| ;; | |
| auto-cross) | |
| my_auto_cross "$@" | |
| ;; | |
| auto-simple) | |
| my_auto_simple "$@" | |
| ;; | |
| my-build-rootca) | |
| my_build_rootca "$@" | |
| ;; | |
| my-build-interca) | |
| my_build_interca "$@" | |
| ;; | |
| my-build-crossca) | |
| my_build_crossca "$@" | |
| ;; | |
| my-sign-req) | |
| my_sign_req "$@" | |
| ;; | |
| help|-h|--help|--usage) | |
| cmd_help "$1" | |
| ;; | |
| *) | |
| usage_all | |
| ;; | |
| esac |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment