Okay, this is for my wireless network, but I feel it fits best here. I can't generate my certs so that I can start radiusd. Here is my first script, CA.root. I got it from one of those cut-and-paste sites and still had to add a few \ just to get the thing to execute. Here is what CA.root looks like:
OPENSSL=/usr/bin/openssl
CAPL=<span class="comment hl">(/etc/pki/tls/misc/<span class="filename">CA.pl</span>)</span>\
KEYGEN=/usr/sbin/dns-keygen
PASSDIR=/pass/root.pass
DERDIR=der
P12DIR=p12
PEMDIR=/pem
VALIDFOR=365
PASSWD=$1
mkdir -p $PEMDIR $P12DIR $DERDIR $PASSDIR
if [ -z "${PASSWD}" ]; then
echo "No root password specified, trying $PASSDIR/root.pass."
if [ -a $PASSDIR/root.pass ]; then
PASSWD=`cat $PASSDIR/root.pass`
else
echo "Not found. Generating password, see $PASSDIR/root.pass for contents."
PASSWD=`$KEYGEN | head -c 32`
cat /dev/null > $PASSDIR/root.pass
echo $PASSWD >> $PASSDIR/root.pass
fi
fi
rm -rf demoCA
$OPENSSL req -new -x509 -days $VALIDFOR -keyout $PEMDIR/newreq.pem -out \
$PEMDIR/newreq.pem -passin pass:$PASSWD -passout pass:$PASSWD
echo "${PEMDIR}/newreq.pem" | $CAPL -newca >/dev/null
$OPENSSL pkcs12 -export -in certs/demoCA/cacert.pem -inkey $PEMDIR/newreq.pem -out \
$P12DIR/root.p12 -cacerts -passin pass:$PASSWD -passout pass:$PASSWD
$OPENSSL pkcs12 -in $P12DIR/root.p12 -out $PEMDIR/root.pem -passin \
pass:$PASSWD -passout pass:$PASSWD
$OPENSSL x509 -inform PEM -outform DER -days $VALIDFOR -in $PEMDIR/root.pem \
-out $DERDIR/root.der -passin pass:$PASSWD
rm -rf $PEMDIR/newreq.pem
Here is the output when I try to run it:
[root@nicaragua raddb]# ./CA.root [passwd#123]
./CA.root: process substitution: line 2: syntax error near unexpected token `newline'
./CA.root: process substitution: line 2: `/etc/pki/tls/misc/<span class="filename">CA.pl</span>'
./CA.root: line 2: span: No such file or directory
mkdir: `/pass/root.pass' exists but is not a directory
Generating a 1024 bit RSA private key
............++++++
.................................................................................................... .........................++++++
writing new private key to '/pem/newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:MS
Locality Name (eg, city) [Newbury]:Horn Lake
Organization Name (eg, company) [My Company Ltd]:mywireless
Organizational Unit Name (eg, section) []:home
Common Name (eg, your name or your server's hostname) []:
Email Address []:myemail@mydomain.net
./CA.root: line 29: -newca: command not found
No certificate matches private key
22713:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
unable to load certificate
22714:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE
[root@nicaragua raddb]#
Any clues anyone?
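
Added example, not part of the original post or of any project's scripts: one way to produce the same root CA outputs (PEM, DER, PKCS#12) with plain openssl calls instead of CA.pl, keeping the password file inside its own directory and passing it with file: so the passphrase stays out of the process list. The function names, directory layout, subject string and 2048-bit key size are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example. Function names, directory layout, subject and key size are
# assumptions for illustration, not values taken from the original post.

# make_root_ca OUTDIR [DAYS]: self-signed root CA as PEM, DER and PKCS#12.
make_root_ca() {
    local out="$1" days="${2:-365}"
    # The password is a file inside a directory; in the post PASSDIR was set
    # to /pass/root.pass and then also used as a directory.
    local passfile="$out/pass/root.pass"
    local key="$out/pem/root.key" cert="$out/pem/root.pem"
    (
        umask 077   # key material and password readable by the owner only
        mkdir -p "$out/pass" "$out/pem" "$out/der" "$out/p12" || exit 1
        # Reuse an existing password file, otherwise generate a random one.
        [ -s "$passfile" ] || openssl rand -hex 16 > "$passfile" || exit 1
        # -passout file: keeps the passphrase out of the process list, which
        # pass:$PASSWD does not. -subj answers the DN prompts up front.
        openssl req -new -x509 -newkey rsa:2048 -sha256 -days "$days" \
            -subj "/C=US/O=Example Wireless/CN=Example Root CA" \
            -keyout "$key" -out "$cert" -passout "file:$passfile" || exit 1
        # DER copy of the certificate.
        openssl x509 -in "$cert" -outform DER -out "$out/der/root.der" || exit 1
        # PKCS#12 bundle with the certificate only, no private key.
        openssl pkcs12 -export -nokeys -in "$cert" -out "$out/p12/root.p12" \
            -passout "file:$passfile" || exit 1
    )
}

# check_root_ca OUTDIR: succeeds when the private key matches the certificate
# and the DER copy parses.
check_root_ca() {
    local out="$1" from_cert from_key
    from_cert=$(openssl x509 -in "$out/pem/root.pem" -noout -pubkey) || return 1
    from_key=$(openssl pkey -in "$out/pem/root.key" -pubout \
        -passin "file:$out/pass/root.pass") || return 1
    [ "$from_cert" = "$from_key" ] &&
        openssl x509 -inform DER -in "$out/der/root.der" -noout
}
```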