This repository has been archived on 2024-05-18. You can view files and clone it, but cannot push or open issues or pull requests.
2022-07-15 11:59:26 +02:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
# install cfssl
|
|
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
|
|
usernames=$(cat usernames.csv | cut "-d;" -f1)
|
|
|
|
|
|
|
|
|
|
mkdir -p certs
|
|
|
|
|
cd certs
|
|
|
|
|
|
|
|
|
|
cat <<EOF > ca.json
|
|
|
|
|
{
|
|
|
|
|
"CN": "SOI Finals Root CA",
|
|
|
|
|
"key": {
|
|
|
|
|
"algo": "rsa",
|
|
|
|
|
"size": 2048
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
EOF
|
|
|
|
|
|
2023-06-01 15:25:01 +02:00
|
|
|
if [ ! -f ca.pem ]; then
|
|
|
|
|
cfssl gencert -initca ca.json | cfssljson -bare ca
|
|
|
|
|
fi
|
2022-07-15 11:59:26 +02:00
|
|
|
|
|
|
|
|
cat <<EOF >client-config.json
|
|
|
|
|
{
|
|
|
|
|
"signing": {
|
|
|
|
|
"default": {
|
|
|
|
|
"expiry": "438000h"
|
|
|
|
|
},
|
|
|
|
|
"profiles": {
|
|
|
|
|
"client": {
|
|
|
|
|
"usages": ["signing", "key encipherment", "digital signature", "client auth"],
|
|
|
|
|
"expiry": "438000h"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
for username in $usernames; do
|
|
|
|
|
|
|
|
|
|
cat <<EOF >client-csr-$username.json
|
|
|
|
|
{
|
|
|
|
|
"CN": "$username",
|
|
|
|
|
"key": {
|
|
|
|
|
"algo": "rsa",
|
|
|
|
|
"size": 2048
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=client-config.json -profile=client client-csr-$username.json | cfssljson --bare $username-cert
|
|
|
|
|
|
|
|
|
|
openssl pkcs12 -export -in $username-cert.pem -inkey $username-cert-key.pem -out $username.p12 -passout pass:
|
|
|
|
|
|
|
|
|
|
done
|
