Using easy rsa, how to automate the client / server creation process

I use easy-rsa (https://github.com/OpenVPN/easy-rsa) to build my tiny CA and its clients/servers. Since it is only for training, I have been thinking about how to automate this. Usually I can create the files necessary for data entry:

./easyrsa build-client-full client

But what when I need ~500 different client files? cp is not what I want here.

I tried to write a little bash script to help myself:

#!/bin/bash

clients=3
pass=randompass
capass=castrongpassword

for i in `seq 1 $clients`
do
    ./easyrsa build-client-full test$i $pass $pass $capass
done

" ". , 2 ca. , , script - ? script Ignoring unknown command option: .

+4
1

easyrsa , build-client-full : name. , , , , , , . , , stdin.

easyrsa

. OpenSSL ( easyrsa) stdin . , "-passout stdin" ( , ) OpenSSL. "-passout file:passfile", passfile'. To make it harder, easyrsa`, OpenSSL. , - . .

, gen_req easyrsa local opts=:

gen_req() {
    ....
    local opts=
    opts="-passout stdin" # ADD THIS LINE
    # Alternatively: opts="-passout file:passfile"
    ....
}

, , OpenSSL stdin ( gen_req), CA ( sign_req). , OpenSSL stdin ( )

sign_req() {
    local crt_type="$1" opts=
    opts="-passin file:capassfile" # ADD THIS LINE (also: create capassfile)
    ...
}

(. , , OpenSSL ...)

" " №1:

stdin - , easyrsa, , . :

#!/bin/bash

clients=3
pass=randompass
#capass=castrongpassword   # (create the file 'capassfile' instead)

for i in `seq 1 $clients`
do
    # Quote the password so spaces or glob characters in it survive intact
    (echo "$pass"; echo "$pass") | ./easyrsa build-client-full "test$i"
done

(echo $pass; echo ...)

printf '%s\n' "$pass" "$pass" | ./easyrsa build-client-full "test$i"

echo -e "$pass\n$pass" | ./easyrsa build-client-full test$i

, .

" " # 2: stdin

, , (, ps) , , , . , :

randompass
randompass

easyrsa , :

...
for i in `seq 1 $clients`
do
    ./easyrsa build-client-full test$i <passfile
done

passfile - . , , , .

+7
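
An added example, not part of the original question or answer: it extends the passfile approach to one random password per client, written to an owner-only file and fed to easyrsa on stdin so the password never appears in a process listing. It assumes easyrsa has been patched as shown above (`-passout stdin` in gen_req, `-passin file:capassfile` in sign_req); `EASYRSA`, `PASSDIR`, `make_passfile` and `build_clients` are hypothetical names chosen for this sketch.

```shell
#!/bin/bash
# Added example (not from the original post). Assumes the patched easyrsa
# described above: the key password is read from stdin and the CA password
# from capassfile. EASYRSA and PASSDIR are hypothetical names.
EASYRSA=${EASYRSA:-./easyrsa}
PASSDIR=${PASSDIR:-./client-pass}

# Create an owner-only password file for one client and print its path.
# printf is a shell builtin, so the password never shows up in argv (ps).
make_passfile() {
    local file="$PASSDIR/$1.pass" pw
    (
        umask 077                        # new directory and file: owner only
        mkdir -p "$PASSDIR"
        # 24 random bytes rendered as 48 hex characters
        pw=$(head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n')
        # Two identical lines (password, then confirmation), like passfile above
        printf '%s\n%s\n' "$pw" "$pw" >"$file"
    ) || return 1
    printf '%s\n' "$file"
}

# Build certificates test1..testN, each with its own password file on stdin.
build_clients() {
    local count=$1 i file
    for i in $(seq 1 "$count"); do
        file=$(make_passfile "test$i") || return 1
        "$EASYRSA" build-client-full "test$i" <"$file" || return 1
    done
}

# Usage (run from the easy-rsa directory): build_clients 500
```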

Source: https://habr.com/ru/post/1531854/

