I'm working on an automation script to create multiple certificates at once. I use the easy-rsa scripts, which are located in the easy-rsa folder.
Building one certificate isn't a problem but after creating that certificate, the rest of the script isn't executed.
Creation of one certificate with this script isn't a problem.
This is the script I have so far:
#!/usr/bin/env bash
#--------------------------------
# Author:
# Date:
# Titel: Create Certificates
#--------------------------------
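#-------Define help function-------
# Help text printed by -h and by the argument validators.
# ${0##*/} takes the script name from $0 without word-splitting, so a path
# containing spaces no longer breaks it the way the unquoted `basename $0` did.
# The -t line says "shared secret key": the file written by
# `openvpn --genkey --secret` is secret material, not a public key.
usage="${0##*/} -- bash script that automaticly generates certifactes where:
-h|-?|--help show this help text
-s|--server-key create certificate and key for a server. requires to have a ca.crt present
-c|--client-key create certificate and key for a client. requires to have a ca.crt present
-C|--certificate-autority create master certificate
-d|--diffe-hellman create diffe-hellman parameters with a 2048 prime number
-t|--openvpn-ta-key create openvpn shared secret key, used by openvpn to verify that the connected device is autorized to connect"
#-------Define Default parameters-------
clients=()        # names collected from every -c option
servers=()        # names collected from every -s option
serverset=false   # true once at least one -s was given
clientset=false   # true once at least one -c was given
caset=false       # true when -C was given
dhset=false       # true when -d was given
taset=false       # true when -t was given
ta=""             # base name of the key file requested with -t
yesset=false      # true when the CA rebuild was confirmed (-C -y or the prompt)
pwd="$PWD"        # directory the script was started from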
#-------Define funtions-------
# isEmpty OPTION VALUE
# Guard for options that need a value: when VALUE is missing or empty, print
# "<OPTION> cannot be empty" followed by the usage text and exit with status 1.
# Returns 0 and prints nothing when VALUE is non-empty.
isEmpty() {
  [ -n "$2" ] && return 0
  echo "$1 cannot be empty"
  echo "$usage"
  exit 1
}
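# checkSet LABEL FLAG
# Refuse to create the same item twice: when FLAG is the string "true", print
# "<LABEL> cannot be created twice" followed by the usage text and exit with
# status 1. Any other FLAG value, including an empty one, returns 0.
checkSet() {
  # Quoted so an empty or multi-word FLAG is compared as one string instead of
  # turning into a malformed `[` expression.
  if [ "$2" = true ]; then
    echo "$1 cannot be created twice"
    echo "$usage"
    exit 1
  fi
}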
#-------Obtain arguments-------
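# Parse options from left to right and stop at the first word that is not an
# option. Each arm consumes only its own value; the single `shift` after `esac`
# drops the option itself. The original arms for -C and -d shifted once more
# than they should, which silently swallowed the option that followed them.
while [ "$#" -gt 0 ]; do
  case "$1" in
    -h|-\?|--help)
      echo "$usage"
      exit 1
      ;;
    -s|--server-key)
      isEmpty "$1" "$2"
      servers+=( "$2" )
      serverset=true
      shift   # drop the server name
      ;;
    -c|--client-key)
      isEmpty "$1" "$2"
      clients+=( "$2" )
      clientset=true
      shift   # drop the client name
      ;;
    -C|--certificate-autority)
      caset=true
      # -y is optional: consume the next word only when it really is -y.
      if [ "${2:-}" = -y ]; then
        yesset=true
        shift
      fi
      ;;
    -d|--diffe-hellman)
      dhset=true   # takes no value, so nothing extra to shift
      ;;
    -t|--openvpn-ta-key)
      isEmpty "$1" "$2"
      taset=true
      # Used later as the file name keys/<name>.key.
      ta=$2
      shift   # drop the key name
      ;;
    -?*)
      echo "$1 unkown option"
      ;;
    *)
      break
      ;;
  esac
  shift
done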
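#-------Actual script-------
# Every command below is a relative path inside the easy-rsa directory. Stop
# when that directory cannot be entered: otherwise ./vars, ./clean-all and the
# build scripts would be resolved in whatever directory the caller was in.
cd "$pwd/easy-rsa/" || exit 1
if [ ! -r ./vars ]; then
  echo "easy-rsa/vars not found or not readable" >&2
  exit 1
fi
# vars is executed inside this shell, so it (and this directory) should be
# writable only by whoever is trusted to operate the CA.
source ./vars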
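# -C: wipe the existing keys and build a new CA, after confirmation.
if [ "$caset" = true ]; then
  if [ "$yesset" != true ]; then
    read -p 'by doing this the currect keys and certificates wille be deleted, do you still want to proceed? [Y/N]' -n 1 -r
    echo   # read -n 1 leaves the cursor on the prompt line
    if [[ $REPLY =~ ^[Yy]$ ]]; then
      yesset=true
    fi
  fi
  if [ "$yesset" = true ]; then
    # Do not build a new CA on top of a key directory that failed to reset.
    ./clean-all || exit 1
    # NOTE(review): with stock easy-rsa 2.x a --batch build appears to write
    # the CA private key without a passphrase -- confirm, and keep the keys
    # directory readable by the CA operator only.
    ./build-ca --batch
  else
    echo 'CA certificate is not created. further commands wil use the older ca key if present'
  fi
fi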
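# -s: build one server certificate/key pair per collected name.
if [ "$serverset" = true ]; then
  if [ ! -f keys/ca.crt ]; then
    echo 'ca.crt does not exist. unable to create server keys'
  else
    # "${servers[@]}" expands to every element of the array. A bare $servers
    # is only element 0, which is why just the first certificate was built.
    for server in "${servers[@]}"; do
      ./build-key-server --batch "$server"
      echo " finshed building $server"
    done
    echo "no other server keys to be created"
  fi
fi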
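# -c: build one client certificate/key pair per collected name.
if [ "$clientset" = true ]; then
  if [ ! -f keys/ca.crt ]; then
    echo 'ca.crt does not exist. unable to create client keys'
  else
    echo "test"
    export EASY_RSA="${EASY_RSA:-.}"
    # "${clients[@]}" expands to every element of the array; a bare $clients
    # is only element 0. Quoting "$client" keeps a name with spaces or glob
    # characters as a single argument.
    for client in "${clients[@]}"; do
      echo "test within"
      "$EASY_RSA/pkitool" "$client"
      # ./build-key-server --batch "$client"
    done
  fi
fi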
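# -d: generate Diffie-Hellman parameters.
if [ "$dhset" = true ]; then
  ./build-dh
fi
# -t: generate the OpenVPN static key keys/<name>.key.
if [ "$taset" = true ]; then
  # This file is a shared secret, not a public key: every peer that holds it
  # passes the check, so distribute it over a protected channel and keep it
  # readable by the OpenVPN operator only. The path is quoted so a name with
  # spaces cannot split into several arguments.
  openvpn --genkey --secret "keys/$ta.key"
  echo "openvpn shared secret key created"
fi
# Return to the directory the script was started from.
cd "$pwd"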