author | John Southworth <john.southworth@vyatta.com> | 2011-05-05 12:19:25 -0500 |
---|---|---|
committer | John Southworth <john.southworth@vyatta.com> | 2011-05-05 12:19:25 -0500 |
commit | d9379eaf7c10563738c34a09964421b9762f0a1b (patch) | |
tree | 23e40a792af9119650c89753d93ec447c65f2961 | |
parent | 279b0fa9490432ed4ebc87792d34fd315d53566b (diff) | |
Add ability to generate an x509 key pair (certificate signing request, private key)
-rw-r--r-- | Makefile.am | 4 | ||||
-rw-r--r-- | scripts/key-pair.template | 27 | ||||
-rwxr-xr-x | scripts/vyatta-gen-x509-keypair.sh | 11 | ||||
-rw-r--r-- | templates/generate/vpn/x509/key-pair/node.def | 1 | ||||
-rw-r--r-- | templates/generate/vpn/x509/key-pair/node.tag/node.def | 4 | ||||
-rw-r--r-- | templates/generate/vpn/x509/node.def | 1 |
6 files changed, 48 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am
index 7859933..ae1325d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -15,6 +15,10 @@ cpiop = find . ! -regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\)' -print0 | \
 cpio -0pd
 install-exec-hook:
+ mkdir -p $(DESTDIR)/opt/vyatta/etc/
+ mkdir -p $(DESTDIR)/opt/vyatta/sbin/
+ cp scripts/vyatta-gen-x509-keypair.sh $(DESTDIR)/opt/vyatta/sbin
+ cp scripts/key-pair.template $(DESTDIR)/opt/vyatta/etc
 mkdir -p $(DESTDIR)$(opdir)
 cd templates; $(cpiop) $(DESTDIR)$(opdir)
diff --git a/scripts/key-pair.template b/scripts/key-pair.template
new file mode 100644
index 0000000..5b5b2a6
--- /dev/null
+++ b/scripts/key-pair.template
@@ -0,0 +1,27 @@
+[ req ]
+ default_bits = 1024
+ default_keyfile = privkey.pem
+ distinguished_name = req_distinguished_name
+ attributes = req_attributes
+ x509_extensions = v3_ca
+ dirstring_type = nobmp
+[ req_distinguished_name ]
+ countryName = Country Name (2 letter code)
+ countryName_min = 2
+ countryName_max = 2
+ ST = State Name
+ localityName = Locality Name (eg, city)
+ organizationName = Organization Name (eg, company)
+ organizationalUnitName = Organizational Unit Name (eg, department)
+ commonName = Common Name (eg, Device hostname)
+ commonName_max = 64
+ emailAddress = Email Address
+ emailAddress_max = 40
+[ req_attributes ]
+ challengePassword = A challenge password (optional)
+ challengePassword_min = 4
+ challengePassword_max = 20
+[ v3_ca ]
+ subjectKeyIdentifier=hash
+ authorityKeyIdentifier=keyid:always,issuer:always
+ basicConstraints = CA:true
diff --git a/scripts/vyatta-gen-x509-keypair.sh b/scripts/vyatta-gen-x509-keypair.sh
new file mode 100755
index 0000000..5a66d0a
--- /dev/null
+++ b/scripts/vyatta-gen-x509-keypair.sh
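Review bot: The four added recipe lines in install-exec-hook install the script and template with `mkdir -p` and `cp` into hard-coded `$(DESTDIR)/opt/vyatta/{sbin,etc}`, while the rest of the hook goes through `$(opdir)`; this is a style point rather than a defect, but the installed mode of the script and of the (world-readable by default) template is left to `cp` and the build umask. Using `install -m 0755 scripts/vyatta-gen-x509-keypair.sh $(DESTDIR)/opt/vyatta/sbin` and `install -m 0644 scripts/key-pair.template $(DESTDIR)/opt/vyatta/etc` makes the modes explicit and creates the files atomically. The collapsed view does not show whether these recipe lines are tab-indented as make requires; worth confirming in the actual file.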
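Review bot: `default_bits = 1024` in the `[ req ]` section generates a 1024-bit RSA key for every device, which is below the 2048-bit floor generally expected for VPN certificates; since nothing in the script overrides the key size, the template is the only place this is set, so `default_bits = 2048` is the one-line change. Separately, the `[ v3_ca ]` section reached via `x509_extensions` asks for `basicConstraints = CA:true` and an authority key identifier, which is CA-style configuration; as far as I can tell `openssl req` only applies `x509_extensions` when producing a self-signed certificate with `-x509`, and the new script runs `req -new` without it, so the section is presumably inert for the CSR — but if it is ever wired in via `req_extensions` a device request would claim CA status. Suggest `basicConstraints = CA:FALSE` or dropping the section, and a comment in the template noting that the key/CSR file names are supplied by the script (`default_keyfile = privkey.pem` is not what gets written).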
@@ -0,0 +1,11 @@
+#!/bin/bash
+CN=$1
+genkeypair (){
+ openssl req -new -nodes -keyout /config/auth/$CN.key -out /config/auth/$CN.csr -config /opt/vyatta/etc/key-pair.template
+}
+if [ -f /config/auth/$CN.csr ]; then
+ read -p "A certificate request named $CN.csr already exists. Overwrite (y/n)?"
+ [[ $REPLY != y && $REPLY != Y ]] || genkeypair
+else
+ genkeypair
+fi
diff --git a/templates/generate/vpn/x509/key-pair/node.def b/templates/generate/vpn/x509/key-pair/node.def
new file mode 100644
index 0000000..8a16c69
--- /dev/null
+++ b/templates/generate/vpn/x509/key-pair/node.def
@@ -0,0 +1 @@
+help: x509 key-pair generation tool
diff --git a/templates/generate/vpn/x509/key-pair/node.tag/node.def b/templates/generate/vpn/x509/key-pair/node.tag/node.def
new file mode 100644
index 0000000..9882df8
--- /dev/null
+++ b/templates/generate/vpn/x509/key-pair/node.tag/node.def
@@ -0,0 +1,4 @@
+help: Generate x509 key-pair
+run:
+ sudo /opt/vyatta/sbin/vyatta-gen-x509-keypair.sh $5
+allowed: echo -n '<common-name>'
diff --git a/templates/generate/vpn/x509/node.def b/templates/generate/vpn/x509/node.def
new file mode 100644
index 0000000..8a16c69
--- /dev/null
+++ b/templates/generate/vpn/x509/node.def
@@ -0,0 +1 @@
+help: x509 key-pair generation tool
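Review bot: `CN=$1` is taken straight from the command line and interpolated unquoted into `/config/auth/$CN.key` and `/config/auth/$CN.csr`, and the node.tag/node.def hunk runs this script with `sudo ... $5`, so a common name containing `/`, `..` or whitespace makes the root-privileged openssl write the private key outside `/config/auth` or splits into extra arguments, and an empty name yields `/config/auth/.key`. The script should reject anything that is not a plain file-name component before calling openssl, quote every expansion, and — since `-nodes` writes an unencrypted private key whose mode follows the inherited umask — set `umask 077` so the key is not created world-readable; `read` should also take `-r`, and the overwrite prompt only checks for an existing `.csr`, not the `.key` it will clobber. The caller in node.tag/node.def should quote its argument as well: `sudo /opt/vyatta/sbin/vyatta-gen-x509-keypair.sh "$5"`.
```shell
#!/bin/bash
CN=$1
KEYDIR=/config/auth
# CN comes from argv and this runs under sudo: allow only a plain file-name component.
if [[ ! "$CN" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
  printf 'Invalid common name %s: use letters, digits, ".", "_" or "-"\n' "$CN" >&2
  exit 1
fi
genkeypair (){
  umask 077   # -nodes writes an unencrypted key; keep it owner-readable only
  openssl req -new -nodes -keyout "$KEYDIR/$CN.key" -out "$KEYDIR/$CN.csr" -config /opt/vyatta/etc/key-pair.template
}
if [[ -f "$KEYDIR/$CN.csr" || -f "$KEYDIR/$CN.key" ]]; then
  read -r -p "A certificate request named $CN.csr already exists. Overwrite (y/n)?"
  [[ $REPLY != y && $REPLY != Y ]] || genkeypair
else
  genkeypair
fi
```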