#!/bin/sh #generate CA certificate/key if test ! -f /etc/pki/ocserv/private/ca.key;then certtool --generate-privkey --outfile /etc/pki/ocserv/private/ca.key >/dev/null 2>&1 echo "cn=`hostname -f` CA" >/etc/pki/ocserv/ca.tmpl echo "expiration_days=-1" >>/etc/pki/ocserv/ca.tmpl echo "serial=1" >>/etc/pki/ocserv/ca.tmpl echo "ca" >>/etc/pki/ocserv/ca.tmpl echo "cert_signing_key" >>/etc/pki/ocserv/ca.tmpl certtool --template /etc/pki/ocserv/ca.tmpl \ --generate-self-signed --load-privkey /etc/pki/ocserv/private/ca.key \ --outfile /etc/pki/ocserv/cacerts/ca.crt >/dev/null 2>&1 #rm -f /etc/pki/ocserv/ca.tmpl fi #generate server certificate/key if test ! -f /etc/pki/ocserv/private/server.key;then certtool --generate-privkey --outfile /etc/pki/ocserv/private/server.key >/dev/null 2>&1 echo "cn=`hostname -f`" >/etc/pki/ocserv/server.tmpl echo "serial=2" >>/etc/pki/ocserv/server.tmpl echo "expiration_days=-1" >>/etc/pki/ocserv/server.tmpl echo "signing_key" >>/etc/pki/ocserv/server.tmpl echo "encryption_key" >>/etc/pki/ocserv/server.tmpl certtool --template /etc/pki/ocserv/server.tmpl \ --generate-certificate --load-privkey /etc/pki/ocserv/private/server.key \ --load-ca-certificate /etc/pki/ocserv/cacerts/ca.crt --load-ca-privkey \ /etc/pki/ocserv/private/ca.key --outfile /etc/pki/ocserv/public/server.crt >/dev/null 2>&1 #rm -f /etc/pki/ocserv/server.tmpl fi exit 0