MOD: added more files to copy for each CA-I package

JohnE 2018-08-14 11:10:56 -07:00
parent 9d501f2720
commit 593d231271
8 changed files with 73 additions and 11 deletions

README
@ -13,13 +13,13 @@ This package contains a set of programs to generate an entire certificate chain
and will configure StrongSwan server. .p12 files are generated for client distribution. and will configure StrongSwan server. .p12 files are generated for client distribution.
There are two main applications contained in this project. There are two main applications contained in this project.
* MOB Hub System : PKI Bootstrap * PKI Bootstrap : MOB Hub System
- 1 x Certificate Authority (CA) generation - 1 x Certificate Authority (CA) generation
- 5 x CA Intermediate generation - 5 x CA Intermediate generation
- 10 x Server and Client certificate generation (based on CA-I) - 10 x Server and Client certificate generation (based on CA-I)
- CA, CA-I, Server, and Client certificate packaged as .p12 file for easy import to Android (other clients too) - CA, CA-I, Server, and Client certificate packaged as .p12 file for easy import to Android (other clients too)
* MOB Hub System : PKI Lifecycle * PKI Lifecycle : MOB Hub System
- Unlimited CA Intermediate generation - Unlimited CA Intermediate generation
- Unlimited Server and Client generation (based on CA-I) - Unlimited Server and Client generation (based on CA-I)

@ -0,0 +1,22 @@
============================
CLIENT GENERATION
Version 3.1
============================
-------------
INTRO
-------------
This application will generate new client certificates. The certificates can be used with any
VPN client service. The certificate chain is also included (CA certificate & CA-I certificate).
-------------
USAGE
-------------
./ gen_client.sh
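Review bot: the USAGE entry `./ gen_client.sh` has a space between `./` and the script name, so a reader who copies it as written will not run the script; it should read `./gen_client.sh`. The entry also lists no arguments, so if the script expects positional parameters they should be documented here along with the names of the files it produces.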

@ -1,9 +1,10 @@
*** ***
THIS was Generated by the CA generation application THIS was Generated by the CA Generation Application
*** ***
Included in this package is a CA Intermediate generation application Included in this package is a CA Intermediate generation application. Any number of new CA
Intermediates can be generated. Each CA Intermediate is also packaged to be distributed to
an organization.
Running get_ca-i.sh will create a new PKI certificate chain to be distributed to organizations. Running get_ca-i.sh will create a new PKI certificate chain to be distributed to organizations.
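Review bot: the last line still refers to `get_ca-i.sh`, while the script this commit copies into the lifecycle package is `gen_ca-i.sh`. Since the hunk already rewrites this README, correct the name so the instruction matches the file the recipient actually receives.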

@ -0,0 +1,21 @@
============================
SERVER GENERATION
Version 3.1
============================
-------------
INTRO
-------------
This application will generate new server certificates to be used with a VPN service.
-------------
USAGE
-------------
./ gen_server.sh
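Review bot: the USAGE line `./ gen_server.sh` carries the same stray space after `./` as the client README and should read `./gen_server.sh`. The INTRO also does not say whether the CA and CA-I certificates are included with the server certificate, which the client README does state; one sentence on that would keep the two documents consistent.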

@ -0,0 +1 @@
1001

@ -10,6 +10,8 @@
# source this file to include the functions # source this file to include the functions
. pki_funcs.sh . pki_funcs.sh
$CA_CNF
PARAM1=$1 PARAM1=$1
PARAM2=$2 PARAM2=$2

@ -148,3 +148,8 @@ generate_client() {
# verify certificate (output to text file for review) # verify certificate (output to text file for review)
openssl x509 -noout -text -in "client_${UNIQ_ID}.crt.pem" > "client_${UNIQ_ID}.info.txt" openssl x509 -noout -text -in "client_${UNIQ_ID}.crt.pem" > "client_${UNIQ_ID}.info.txt"
} }
#
# give some info if someone tries to execute this
echo_block "this script file has only helper functions"
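Review bot: the `echo_block "this script file has only helper functions"` call is at top level at the end of the file, so it runs every time the file is read, not only when someone executes it directly. If this is the file the generator scripts load with `. pki_funcs.sh`, each of them will now print this message on every run. Guard the call so it only fires on direct execution, for example in bash with `[ "${BASH_SOURCE[0]}" = "$0" ] && echo_block ...`.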

@ -112,6 +112,7 @@ organize() {
cp ca_i*.keys.pem servers/ca-i/ cp ca_i*.keys.pem servers/ca-i/
# organize the ca-i directory # organize the ca-i directory
# order matters: move these files last because they were copied above
mkdir -p ca-i/data mkdir -p ca-i/data
mkdir -p ca-i/docs mkdir -p ca-i/docs
mv ca_i*.pem ca-i/data/ mv ca_i*.pem ca-i/data/
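Review bot: the new "order matters" comment documents a dependency that nothing enforces: `mv ca_i*.pem ca-i/data/` matches the same `ca_i*.keys.pem` files that the `cp` above placed in `servers/ca-i/`, so reordering these lines later silently produces a server tree without them. Beyond the ordering, the `cp ca_i*.keys.pem servers/ca-i/` line leaves a second copy of what the file name suggests is CA-I key material in the servers tree. Please confirm the server package really needs it, and if so set restrictive permissions on the copy (for example `chmod 600`) rather than inheriting the default umask.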
@ -130,14 +131,23 @@ organize() {
# UNIQ_ID_CA-I : unique string for the CA-I # UNIQ_ID_CA-I : unique string for the CA-I
# #
cp_pki_lifecycle() { cp_pki_lifecycle() {
# CA-I
cp $CD_ROOT/libs/gen_ca-i.sh $CD_ROOT/$UNIQ_DIR_LC/ cp $CD_ROOT/libs/gen_ca-i.sh $CD_ROOT/$UNIQ_DIR_LC/
cp $CD_ROOT/libs/pki_funcs.sh $CD_ROOT/$UNIQ_DIR_LC/
cp $CD_ROOT/docs/README_LC $CD_ROOT/$UNIQ_DIR_LC/README cp $CD_ROOT/docs/README_LC $CD_ROOT/$UNIQ_DIR_LC/README
cp $CD_ROOT/libs/gen_client.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/clients cp $CD_ROOT/docs/SERIAL $CD_ROOT/$UNIQ_DIR_LC/
cp $CD_ROOT/libs/gen_server.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/servers
# cp $LIB_PATH/gen_ca-i.sh $UNIQ_ID_CA-I/$UNIQ_DIR_LC ca-i/ # client
# cp $LIB_PATH/gen_client.sh clients/ cp $CD_ROOT/libs/gen_client.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/clients/
# cp $LIB_PATH/gen_server.sh servers/ cp $CD_ROOT/libs/pki_funcs.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/clients/
cp $CD_ROOT/docs/README_C $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/clients/README
cp $CD_ROOT/docs/SERIAL $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/clients/
# server
cp $CD_ROOT/libs/gen_server.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/servers/
cp $CD_ROOT/libs/pki_funcs.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/servers/
cp $CD_ROOT/docs/README_S $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/servers/README
cp $CD_ROOT/docs/SERIAL $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/servers/
} }
# #
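Review bot: the three `cp $CD_ROOT/docs/SERIAL ...` lines give the lifecycle root, `clients/` and `servers/` each their own copy of the same starting serial. If `gen_client.sh` and `gen_server.sh` each increment their local copy, client and server certificates issued under the same CA-I will repeat serial numbers, which breaks the issuer-plus-serial uniqueness that revocation and certificate lookup depend on. Keep a single serial file per CA-I that both scripts reference, or generate random serials. Separately, every `$CD_ROOT`, `$UNIQ_DIR_LC` and `$UNIQ_DIR_CA` expansion in this function is unquoted, so a path containing spaces will split the `cp` arguments; quote them, and consider failing the function if any `cp` returns non-zero so that an incomplete package is not distributed.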