From 2c9845db4bc00221bc3c2343a020208f7f532166 Mon Sep 17 00:00:00 2001
From: Cullum Smith
Date: Thu, 31 Oct 2024 21:36:39 -0400
Subject: many fixes
---
 pki | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)
(limited to 'pki')
diff --git a/pki b/pki
index 96e8a87..4e10151 100755
--- a/pki
+++ b/pki
@@ -5,7 +5,7 @@ set -eu
 PROGNAME=pki
-USAGE=""
+USAGE=""
 BOXCONF_ROOT=$(dirname "$(readlink -f "$0")")
 BOXCONF_CA_PASSWORD_FILE="${BOXCONF_ROOT}/.ca_password"
@@ -342,6 +342,36 @@ pki_renew(){
 _pki_renew "${1}/${2}" "${days:-}"
 }
+pki_pkcs12(){
+ # Generate a pkcs12 bundle.
+ USAGE='pkcs12 HOSTNAME CERTNAME PATH'
+ [ $# -eq 3 ] || usage
+
+ [ -f "${BOXCONF_CA_DIR}/${1}/${2}.crt" ] || die "certificate does not exist: ${1}/${2}.crt"
+ [ -f "${BOXCONF_CA_DIR}/${1}/${2}.key" ] || die "key does not exist: ${1}/${2}.key"
+
+ _boxconf_get_vault_password
+
+ PASS="$BOXCONF_VAULT_PASSWORD" openssl pkcs12 -legacy -export \
+ -out "$3" \
+ -inkey "${BOXCONF_CA_DIR}/${1}/${2}.key" \
+ -in "${BOXCONF_CA_DIR}/${1}/${2}.crt" \
+ -name "$2" \
+ -passin env:PASS
+}
+
+pki_show(){
+ # Show a certificate and decrypted private key.
+ USAGE='show HOSTNAME CERTNAME'
+ [ -f "${BOXCONF_CA_DIR}/${1}/${2}.crt" ] || die "certificate does not exist: ${1}/${2}.crt"
+ [ -f "${BOXCONF_CA_DIR}/${1}/${2}.key" ] || die "key does not exist: ${1}/${2}.key"
+
+ _boxconf_get_vault_password
+
+ cat "${BOXCONF_CA_DIR}/${1}/${2}.crt"
+ _boxconf_decrypt_key "${BOXCONF_CA_DIR}/${1}/${2}.key"
+}
+
 [ $# -ge 1 ] || usage
 action=$1; shift
@@ -354,5 +384,7 @@ case $action in
 server-cert|server|cert) pki_server "$@" ;;
 client-cert|client) pki_client "$@" ;;
 renew) pki_renew "$@" ;;
+ pkcs12) pki_pkcs12 "$@" ;;
+ show) pki_show "$@" ;;
 *) usage ;;
 esac
--
cgit v1.2.3
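Review bot: `pki_show` sets `USAGE='show HOSTNAME CERTNAME'` but never checks the argument count, so under the script's `set -eu` a call with fewer than two arguments dies with the shell's "parameter not set" message rather than the usage text; add `[ $# -eq 2 ] || usage` right after the USAGE assignment, matching what `pki_pkcs12` does with `[ $# -eq 3 ] || usage`. In `pki_pkcs12`, `-legacy` makes openssl fall back to the weak legacy PBE algorithms (RC2-40/3DES) for the bundle, which is a deliberate compatibility trade-off that the function comment should state, e.g. `# -legacy: weak RC2/3DES PBE for compatibility with [named consumer]; drop once it is no longer needed`, so a later maintainer does not treat it as the default. The export command also passes no `-passout`, so openssl will presumably prompt for the PKCS#12 export password interactively; if that is intended, saying so in the same comment would avoid confusion when the command is run non-interactively. The enclosing `case` dispatch in the third hunk starts outside the hunk.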