debianforum.de

Code: Alles auswählen

clients()
{
while read line
do
   clear
   echo "Erzeuge den Client" $line
   OPENSSL_CONF=openssl.cnf openssl req -new -sha512 -keyout new/key_$line.pem -out new/req_$line.pem
   OPENSSL_CONF=openssl.cnf openssl ca -out new/cert_$line.pem -infiles new/req_$line.pem
   OPENSSL_CONF=openssl.cnf openssl req -new -sha512 -keyout new/key_$line.pem -out new/req_$line.pem  OPENSSL_CONF=openssl.cnf openssl pkcs12 -export -in new/cert_$line.pem -inkey new/key_$line.pem -out export/cert_$line.p12 -clcerts
done < $clients
}

Code: Alles auswählen

Erzeuge den Client hubert
Generating a 4096 bit RSA private key
....................................................................................................++
.....................++
writing new private key to 'new/key_hubert.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [AU]:string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [AU]:problems making Certificate Request
Using configuration from openssl.cnf
Enter pass phrase for /server/test/CA/private/cakey.pem:

Code: Alles auswählen

#! /bin/bash

clients() {
clear
while read -p "Neuen Clientnamen eingeben: " line
        do
            [ -z "$line" ] && echo "Leere Eingabe." && continue
            [[ ! "$line" =~ ^[[:alpha:]]{4,}$ ]] && echo "Ungültige Eingabe. (Minimum: 4 Zeichen, a-z|A-Z)" && continue
            echo "Erzeuge Client $line"
            local OPENSSL_CONF="openssl.cnf"
            openssl req -new -sha512 -keyout new/key_"$line".pem -out new/req_"$line".pem
            openssl ca -out new/cert_"$line".pem -infiles new/req_"$line".pem
            openssl pkcs12 -export -in new/cert_"$line".pem -inkey new/key_"$line".pem -out -export/cert_"$line".p12 -clcerts
            break
done
}

while true
        do

        clients

        clear
        read -p "Wollen Sie weitere Clients anlegen? (Y/N): " line
        case "$line" in
              y|Y)
                    continue;;
            *|n|N)
                    echo "Abbruch."
                    exit 0;;
        esac
done

Code: Alles auswählen

#! /bin/bash


file=$(cat file)
OPENSSL_CONF="openssl.cnf"

for name in "$file"
     do
         if [[ ! "$name" =~ ^[[:alpha:]]{4,}$ ]]
             then
                   echo
                   echo "Ungültiger Name $name wurde übersprungen."
                   continue
         fi
         echo
         echo ">>>>>>>> Erzeuge Client $name <<<<<<<<"
         echo
         openssl req -new -sha512 -keyout new/key_"$name".pem -out new/req_"$name".pem
         echo
         openssl ca -out new/cert_"$name".pem -infiles new/req_"$name".pem
         echo
         openssl pkcs12 -export -in new/cert_"$name".pem -inkey new/key_"$name".pem -out -export/cert_"$name".p12 -clcerts
         echo
         echo ">>>>>>>> Client $name wurde erzeugt <<<<<<<<"
         echo
done

Code: Alles auswählen

140312908129408:error:0906406D:PEM routines:PEM_def_callback:problems getting password:crypto/pem/pem_lib.c:64:
140312908129408:error:0907E06F:PEM routines:do_pk8pkey:read key:crypto/pem/pem_pk8.c:83:

Using configuration from /usr/lib/ssl/openssl.cnf
Can't open ./demoCA/private/cakey.pem for reading, No such file or directory
139899318887552:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:74:fopen('./demoCA/private/cakey.pem','r')
139899318887552:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:81:
unable to load CA private key

pkcs12: Cannot open input file new/cert_user.pem, No such file or directory
pkcs12: Use -help for summary.

Code: Alles auswählen

clients()
{
for name in "$clients"
     do
         if [[ ! "$name" =~ ^[[:alpha:]]{4,}$ ]]
             then
                   echo
                   echo "Ungültiger Name $name wurde übersprungen."
                   continue
         fi
         clear
         echo ">>>>>>>> Erzeuge Client $name <<<<<<<<"
         OPENSSL_CONF=openssl.cnf openssl req -new -sha512 -keyout new/"$name"_key.pem -out new/"$name"_req.pem
         OPENSSL_CONF=openssl.cnf openssl ca -out new/"$name"_cert.pem -infiles new/"$name"_req.pem
         OPENSSL_CONF=openssl.cnf openssl pkcs12 -export -in new/"$name"_cert.pem -inkey new/"$name"_key.pem -out export/"$name"_cert.p12 -clcerts
done
}

Code: Alles auswählen

./create_certs.sh 

Ungültiger Name peter
manfred
dietmar
horst wurde übersprungen.