Shell Script of Automating Client key generating
Hello Team,
I need a help in creating shell script for automating the generation of VPN client key for Open Vpn Server. The server is in configured on a Debian box. There I can see lot of questions while I tried to create a client key such as o Country Name [IN]: o State or Province (full Name): MH: o Locality Name [Mumbai]: o Organization Name []: o Organization Unit Name: o Common name : o Name []: o Email Address: o Please enter the following 'extra attributes to be sent with your certificate request o A challenge password: <Any Random> o An optional company name: o Sign the certificate? [y/n]: <Enter ‘y’> o 1out of 1 certificate requests certified, commit? [y/n] <Enter ‘y’> All the answers of the above questions are stored in a file in the same order. I would like to automate the process by executing a shell. Please help me to sort it out :) Thanks in advance.. |
you could start by looking at the req man page. look in the EXAMPLES section for "Sample configuration containing all field values". the idea is that you start with a config file (e.g. user.cnf) which would have all the values (CN, emailAddress, etc.) filled in. then you'd run "openssl req -config /path/to/user.cnf" to generate a csr, which you'd need to sign according to your requirements. following this procedure would entail generating a config file for each user, because you'd probably want certs with the user identity in the CN, but req also allows you to specify values on the command line.
|
Quote:
Thanks for the quick response, could you please elaborate the details, if you can add an example it would be grateful. |
To read the examples i mentioned in the man page, you need to type
Code:
man req Code:
openssl req -subj '/countryName=IN/stateOrProvinceName=MH/localityName=Mumbai/organizationName=mycompany/organizationalUnitName=IT Dept/commonName=Akashdeep Something/emailAddress=akashdeep@somewhere/' -new -nodes -newkey rsa:2048 -keyout akashdeep.key -out akashdeep.csr By the way, you can see what's in your key and csr by using these commands: Code:
openssl rsa -text -in akashdeep.key Code:
openssl req -text -in akashdeep.csr |
All times are GMT -5. The time now is 09:22 AM. |