# Client config path: the second positional argument, defaulting to
# danet_client.conf in the current directory.
4 CONF="${2:-danet_client.conf}"
# Read the cert, key and CA file names out of the client config: for every
# line beginning with "cert ", "key " or "ca ", awk prints the second
# whitespace-separated field.
# NOTE(review): these values are used further down as symlink names and as tar
# members, and nothing visible here checks them. A missing directive yields an
# empty string, a repeated directive yields a multi-line value, a name
# containing a space is cut at the first space, and a value containing "/" or
# ".." decides where the links are created. Validate each value (non-empty,
# single line, plain file name) before using it.
11 CLIENT_CERT=$(awk '/^cert /{print $2}' "$CONF");
12 CLIENT_KEY=$(awk '/^key /{print $2}' "$CONF");
13 SERVER_CACERT=$(awk '/^ca /{print $2}' "$CONF");
# Generate a new private key and a certificate signing request for HOST under
# TMPDIR. The here-document (its body is not shown in this excerpt) is piped to
# openssl on stdin, presumably as the answers to the subject prompts.
# NOTE(review): -nodes writes the private key to ${TMPDIR}/${HOST}.pem
# unencrypted, so its confidentiality rests entirely on file and directory
# permissions. Confirm that TMPDIR is a private directory (mktemp -d, mode
# 0700) and that a restrictive umask (077) is in effect before this line;
# neither is visible here.
# NOTE(review): -days has no effect on `openssl req` unless -x509 is given; the
# certificate lifetime is set by the -days option of the `openssl ca` call.
17 cat -<<EOF |openssl req -nodes -new -keyout "${TMPDIR}/${HOST}".pem -out "${TMPDIR}/${HOST}".req -days 9000
# First-run bootstrap of the CA working files: this branch runs only when no
# file named "database" exists in the current directory. The closing `fi` is
# on a line not shown in this excerpt.
30 if [ ! -e database ]; then
# Create the empty index file and its attribute file.
31 touch database database.attr
# Start from the system OpenSSL config and rewrite every "database = ..." and
# "serial = ..." setting so it names the files "database" and "serial".
# NOTE(review): those are relative names, so they resolve against the working
# directory of the later `openssl ca` run. The source path is
# distribution-specific and the result of cp is not checked; if the copy
# fails, the later `openssl ca -config` call has no usable config.
32 cp /usr/lib/ssl/openssl.cnf config
33 perl -pi -e 's/(database|serial)\s*=.+/$1=$1/' config
34 # Use the epoch and the pid to make a unique serial (for this CA,
36 # We use perl's pack and unpack here because it can be hex, and
37 # for some cockamamie reason, it needs to be an even number of
# Writes 16 hex digits to "serial": the current epoch time and the perl
# process id, each packed as a 32-bit big-endian integer.
# NOTE(review): this value is unique enough for a small private CA but fully
# predictable. Publicly trusted CAs are required to put at least 64 bits of
# CSPRNG output in the serial; if that matters here, seed the file from
# `openssl rand -hex` instead.
39 perl -e 'print unpack(q(H*),pack(q(NN),time,$$)),qq(\n)' > serial
# Sign the request with the CA key and certificate, writing the result to
# $TMPDIR/${HOST}.cert. -batch skips the interactive confirmation and -notext
# omits the human-readable dump from the output file. The request is named by
# a relative path, so this relies on the working directory being the one that
# holds ${HOST}.req (presumably TMPDIR; confirm). The trailing redirection is
# commented out, so openssl's output reaches the caller's terminal.
# NOTE(review): policy_anything (as defined in the stock openssl.cnf) imposes
# no match rules on the subject, and -batch removes the last manual check, so
# whatever subject the request carries is what gets signed.
# NOTE(review): -days 9000 is roughly 24.6 years. Nothing in this excerpt shows
# a revocation path, so a leaked client key stays usable for that long unless
# the server checks a CRL or the CA is replaced.
42 openssl ca -config "$TMPDIR"/config -policy policy_anything -keyfile "${CAKEY}" -cert "${CACERT}" \
43 -out "$TMPDIR"/"${HOST}".cert -outdir "$TMPDIR" -notext -days 9000 -batch -infiles "${HOST}".req; #> /dev/null 2>&1
# The certificate is public data, so make it world-readable.
# NOTE(review): no matching permission change on ${HOST}.pem is visible; the
# private key keeps whatever mode it was created with. Set it explicitly to
# 0600.
46 chmod a+r "${HOST}".cert
# Create symlinks under the names the client config uses for its certificate
# and key, pointing at the per-host files.
# NOTE(review): the link names come straight from the config file, and -f
# replaces an existing entry of that name without asking.
48 ln -sf "${HOST}".cert "${CLIENT_CERT}"
49 ln -sf "${HOST}".pem "${CLIENT_KEY}"
# Copy the client config into TMPDIR so it can be archived from there.
# NOTE(review): CLIENT_CONF is assigned on a line not shown, while the cert/key
# names were read from CONF; confirm both refer to the same file.
51 cp "${CLIENT_CONF}" "${TMPDIR}"/;
# Bundle the host certificate, the private key, the two symlinks, the client
# config and the server CA certificate into ${HOST}.tar.gz, reading every
# member relative to TMPDIR (-C).
# NOTE(review): the archive contains the unencrypted private key and is created
# with the current umask. Create it under umask 077 (or chmod 600 it at once),
# move it only over an authenticated, encrypted channel, and delete it and the
# TMPDIR copies after delivery.
# NOTE(review): CLIENT_CONF is passed to tar as given, but cp placed the copy
# in TMPDIR under its base name; if CLIENT_CONF carries a directory component,
# tar looks for a different path than the one just copied. How SERVER_CACERT
# gets into TMPDIR is not shown in this excerpt.
53 tar -zcf "${HOST}".tar.gz -C "${TMPDIR}" \
54 "${HOST}".cert "${HOST}".pem "${CLIENT_CERT}" "${CLIENT_CONF}" \
55 "${CLIENT_KEY}" "${SERVER_CACERT}"