diff --git a/README b/README
index 206e561..9d7e24c 100644
--- a/README
+++ b/README
@@ -13,13 +13,13 @@ This package contains a set of programs to generate an entire certificate chain and will configure StrongSwan server. .p12 files are generated for client distribution. There are two main applications contained in this project. - * MOB Hub System : PKI Bootstrap + * PKI Bootstrap : MOB Hub System - 1 x Certificate Authority (CA) generation - 5 x CA Intermediate generation - 10 x Server and Client certificate generation (based on CA-I) - CA, CA-I, Server, and Client certificate packaged as .p12 file for easy import to Android (other clients too) - * MOB Hub System : PKI Lifecycle + * PKI Lifecycle : MOB Hub System - Unlimited CA Intermediate generation - Unlimited Server and Client generation (based on CA-I)
diff --git a/src/pki_bootstrap/docs/README_C b/src/pki_bootstrap/docs/README_C
new file mode 100644
index 0000000..8afda20
--- /dev/null
+++ b/src/pki_bootstrap/docs/README_C
@@ -0,0 +1,22 @@
+
+ ============================
+ CLIENT GENERATION
+ Version 3.1
+ ============================
+
+
+-------------
+ INTRO
+-------------
+
+This application will generate new client certificates. The certificates can be used with any
+VPN client service. The certificate chain is also included (CA certificate & CA-I certificate).
+
+
+-------------
+ USAGE
+-------------
+
+./ gen_client.sh
+
+
diff --git a/src/pki_bootstrap/docs/README_LC b/src/pki_bootstrap/docs/README_LC
index b3a4c55..4d3ef24 100644
--- a/src/pki_bootstrap/docs/README_LC
+++ b/src/pki_bootstrap/docs/README_LC
@@ -1,9 +1,10 @@ *** -THIS was Generated by the CA generation application +THIS was Generated by the CA Generation Application *** -Included in this package is a CA Intermediate generation application +Included in this package is a CA Intermediate generation application. Any number of new CA +Intermediates can be generated. Each CA Intermediate is also packaged to be distributed to +an organization. + Running get_ca-i.sh will create a new PKI certificate chain to be distributed to organizations. - -
diff --git a/src/pki_bootstrap/docs/README_S b/src/pki_bootstrap/docs/README_S
new file mode 100644
index 0000000..8ae544e
--- /dev/null
+++ b/src/pki_bootstrap/docs/README_S
@@ -0,0 +1,21 @@
+
+ ============================
+ SERVER GENERATION
+ Version 3.1
+ ============================
+
+
+-------------
+ INTRO
+-------------
+
+This application will generate new server certificates to be used with a VPN service.
+
+
+-------------
+ USAGE
+-------------
+
+./ gen_server.sh
+
+
diff --git a/src/pki_bootstrap/docs/SERIAL b/src/pki_bootstrap/docs/SERIAL
new file mode 100644
index 0000000..7cebf7d
--- /dev/null
+++ b/src/pki_bootstrap/docs/SERIAL
@@ -0,0 +1 @@
+1001
\ No newline at end of file
diff --git a/src/pki_bootstrap/libs/gen_ca-i.sh b/src/pki_bootstrap/libs/gen_ca-i.sh
index 3c2b70c..37c148e 100755
--- a/src/pki_bootstrap/libs/gen_ca-i.sh
+++ b/src/pki_bootstrap/libs/gen_ca-i.sh
@@ -10,6 +10,8 @@ # source this file to include the functions . pki_funcs.sh +$CA_CNF + PARAM1=$1 PARAM2=$2
diff --git a/src/pki_bootstrap/libs/pki_funcs.sh b/src/pki_bootstrap/libs/pki_funcs.sh
index 433fd5b..8b1db9d 100644
--- a/src/pki_bootstrap/libs/pki_funcs.sh
+++ b/src/pki_bootstrap/libs/pki_funcs.sh
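Review bot: The added line `$CA_CNF` in gen_ca-i.sh executes the variable's value as a command instead of loading it: if CA_CNF holds a config-file path the shell tries to run that file (and silently does nothing when the variable is unset), and any other content is word-split and run as-is. If the intent is to bring the CA configuration into the current shell it should be `. "$CA_CNF"`, guarded so the CA-I is never built against a missing config: `[ -r "$CA_CNF" ] || { echo "CA_CNF is unset or unreadable" >&2; exit 1; }`. Where CA_CNF is assigned is not visible in this hunk; if it can come from the caller's environment, sourcing it means executing a file the caller chose, so only a path inside the package directory should be accepted.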
@@ -148,3 +148,8 @@ generate_client() {
 # verify certificate (output to text file for review)
 openssl x509 -noout -text -in "client_${UNIQ_ID}.crt.pem" > "client_${UNIQ_ID}.info.txt"
 }
+
+#
+# give some info if someone tries to execute this
+echo_block "this script file has only helper functions"
+
diff --git a/src/pki_bootstrap/pki_bootstrap.sh b/src/pki_bootstrap/pki_bootstrap.sh
index 65ebbbb..3e23d39 100755
--- a/src/pki_bootstrap/pki_bootstrap.sh
+++ b/src/pki_bootstrap/pki_bootstrap.sh
@@ -112,6 +112,7 @@ organize() { cp ca_i*.keys.pem servers/ca-i/ # organize the ca-i directory + # order matters: move these files last because they were copied above mkdir -p ca-i/data mkdir -p ca-i/docs mv ca_i*.pem ca-i/data/
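Review bot: The `echo_block` call appended at the end of pki_funcs.sh runs unconditionally at top level, so it fires every time the file is sourced — the `. pki_funcs.sh` in gen_ca-i.sh (and presumably the client/server generators that now receive a copy) will print "this script file has only helper functions" on every normal run, not only when someone executes the file directly. Guard it on how the file was invoked and stop there, so a stray `./pki_funcs.sh` does not continue as if it had done work: `if [ "${BASH_SOURCE[0]}" = "$0" ]; then echo_block "this script file has only helper functions"; exit 1; fi` (bash-specific; under plain sh compare `$0` against the script's own name instead). echo_block itself is defined outside this hunk, presumably earlier in the same file; generate_client ends at the `}` context line.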
@@ -130,14 +131,23 @@ organize() { # UNIQ_ID_CA-I : unique string for the CA-I # cp_pki_lifecycle() { + # CA-I cp $CD_ROOT/libs/gen_ca-i.sh $CD_ROOT/$UNIQ_DIR_LC/ + cp $CD_ROOT/libs/pki_funcs.sh $CD_ROOT/$UNIQ_DIR_LC/ cp $CD_ROOT/docs/README_LC $CD_ROOT/$UNIQ_DIR_LC/README - cp $CD_ROOT/libs/gen_client.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/clients - cp $CD_ROOT/libs/gen_server.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/servers + cp $CD_ROOT/docs/SERIAL $CD_ROOT/$UNIQ_DIR_LC/ - # cp $LIB_PATH/gen_ca-i.sh $UNIQ_ID_CA-I/$UNIQ_DIR_LC ca-i/ - # cp $LIB_PATH/gen_client.sh clients/ - # cp $LIB_PATH/gen_server.sh servers/ + # client + cp $CD_ROOT/libs/gen_client.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/clients/ + cp $CD_ROOT/libs/pki_funcs.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/clients/ + cp $CD_ROOT/docs/README_C $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/clients/README + cp $CD_ROOT/docs/SERIAL $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/clients/ + + # server + cp $CD_ROOT/libs/gen_server.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/servers/ + cp $CD_ROOT/libs/pki_funcs.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/servers/ + cp $CD_ROOT/docs/README_S $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/servers/README + cp $CD_ROOT/docs/SERIAL $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/servers/ } #
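Review bot: The same SERIAL file (content `1001`) is copied into both `.../clients/` and `.../servers/` under one `$UNIQ_DIR_CA`, so if gen_client.sh and gen_server.sh each consume their own copy as the issuing serial counter (their bodies are not visible here), the first client and the first server certificate signed by that CA-I will both carry serial 1001 — duplicate serials under one issuer violate RFC 5280 and make CRL-based revocation ambiguous, since a CRL entry is keyed by serial. Keep a single serial file per issuing CA-I (one copy at `$CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/` shared by both generators), or better, have each generator draw a fresh serial with `openssl rand -hex 16` so serials are unique and unpredictable. Separately, every `cp` in cp_pki_lifecycle expands `$CD_ROOT`, `$UNIQ_DIR_LC` and `$UNIQ_DIR_CA` unquoted; quoting them (`cp "$CD_ROOT/libs/pki_funcs.sh" "$CD_ROOT/$UNIQ_DIR_LC/"`) is cheap insurance against a path with spaces scattering key material into the wrong directory.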