Administrator Console 4 - 29
CreateClientCert.sh
#Initialize from current directory
#Enable definition for environment variable OPENSSL_FIPS to execute in FIPS mode on system with FIPS compliant OpenSSL build
#export OPENSSL_FIPS=1
export WORKSPACE_DIR="$( cd "$( dirname "$0" )" && pwd )"
#Make sure passwords are unique and secret
export CA_KEY_PASSWORD=CA-abcd12345
export GENERATED_CERT_KEY_PASSWORD=abcd12345
#Stop if the CA directory is missing so no files are created or removed elsewhere
cd "$WORKSPACE_DIR/CA-Certs/myCA" || exit 1
echo "Current dir: $(pwd)"
#Create sample client key and certificate
#Note: 1024-bit RSA is weaker than the 2048-bit minimum recommended for new keys
export OPENSSL_CONF="$WORKSPACE_DIR/samplehost.cnf"
echo 'Creating client key and certificate with its signing request ....'
openssl req -newkey rsa:1024 -keyout client_key.pem -keyform PEM -out tempreq.pem -outform PEM -passout pass:$GENERATED_CERT_KEY_PASSWORD
#CA now signs client certificate by processing its certificate signing request
echo 'CA Signing client certificate....'
export OPENSSL_CONF="$WORKSPACE_DIR/caconfig.cnf"
openssl ca -in tempreq.pem -out client_crt.pem -extensions ssl_client_server -passin pass:$CA_KEY_PASSWORD -batch
rm -f tempreq.pem
echo 'Client key, certificate creation and signing completed. Use files client_key.pem and client_crt.pem'
Script Usage
The following section illustrates how to use the previous scripts.
Certification Authority Initialization
• Edit caconfig.cnf to change the configuration for CA if necessary.
• Execute CA initialization command sequence by invoking ./InitRootCA.sh.
Issue Reader certificate:
• Edit samplereader.cnf to update any configuration such as hostname if necessary.
• Execute CreateReaderCert.sh by invoking ./CreateReaderCert.sh.
Issue Client certificate:
• Certificate and key issued using this method can be directly used with the LLRP client.
• Edit samplehost.cnf to update any configuration such as hostname for the client, if necessary.
• Execute CreateClientCert.sh by invoking ./CreateClientCert.sh.
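Before the issued files are loaded into the LLRP client, the key, certificate and CA can be checked against each other. The function below is an added example, not one of the scripts from this guide; the name check_client_cert is hypothetical, and the CA certificate path is an assumption supplied by the caller, since this page does not show where InitRootCA.sh writes it.

```shell
#!/bin/sh
# Added example, not one of the vendor scripts. Sanity-checks the files that
# CreateClientCert.sh produces (client_key.pem, client_crt.pem).
# Assumptions: RSA keys as on this page; CA certificate path given by the caller.

# check_client_cert KEY CERT CA_CERT PASS_ENV_NAME
#   PASS_ENV_NAME is the *name* of an exported variable holding the key pass
#   phrase (for example GENERATED_CERT_KEY_PASSWORD), so the secret itself
#   never appears in the process argument list.
# Returns 0 when every check passes, otherwise the number of the failed check.
check_client_cert() {
    key=$1; cert=$2; ca=$3; pass_env=$4

    # 1. Private key and certificate must carry the same public key.
    key_pub=$(openssl pkey -in "$key" -passin "env:$pass_env" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot read $key (wrong pass phrase?)" >&2; return 1; }
    crt_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot read $cert" >&2; return 1; }
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "FAIL: $key does not match $cert" >&2; return 1; }

    # 2. Reject RSA moduli shorter than 2048 bits.
    bits=$(openssl x509 -in "$cert" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "FAIL: ${bits:-unknown}-bit key is below 2048 bits" >&2; return 2; }

    # 3. Certificate must chain to the CA, be within its validity period,
    #    and be acceptable for TLS client authentication.
    openssl verify -purpose sslclient -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $ca" >&2; return 3; }

    echo "OK: $cert ($bits-bit) matches $key and chains to $ca"
}
```

Run against the output of CreateClientCert.sh as listed above, check 2 fails, because the sample requests rsa:1024.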