This repository has been archived on 2024-05-18. You can view files and clone it, but cannot push or open issues or pull requests.
soifai/tools/create-certs.sh

61 lines
1000 B
Bash
Executable File

#!/usr/bin/env bash
# install cfssl
set -e
usernames=$(cat usernames.csv | cut "-d;" -f1)
mkdir -p certs
cd certs
cat <<EOF > ca.json
{
"CN": "SOI Finals Root CA",
"key": {
"algo": "rsa",
"size": 2048
}
}
EOF
if [ ! -f ca.pem ]; then
cfssl gencert -initca ca.json | cfssljson -bare ca
fi
cat <<EOF >client-config.json
{
"signing": {
"default": {
"expiry": "438000h"
},
"profiles": {
"client": {
"usages": ["signing", "key encipherment", "digital signature", "client auth"],
"expiry": "438000h"
}
}
}
}
EOF
for username in $usernames; do
cat <<EOF >client-csr-$username.json
{
"CN": "$username",
"key": {
"algo": "rsa",
"size": 2048
}
}
EOF
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=client-config.json -profile=client client-csr-$username.json | cfssljson --bare $username-cert
openssl pkcs12 -export -in $username-cert.pem -inkey $username-cert-key.pem -out $username.p12 -passout pass:
done