# Onboarding new client serverside actions. # CA-Variables export CADIR=/usr/share/fd-vertel-se export SLAPDPRIVKEY=/etc/ldap/fd_vertel_se_slapd_key.pem export CACERT=/etc/ssl/certs/mycacert.pem export CAPRIVKEY=/etc/ssl/private/mycakey.pem # Certificate for an OpenLDAP replica (consumer/client) export CLIENT=$1 export CLIENTDIR="$CLIENT"-ssl export CLIENT_PRIVKEY="$CLIENT"_slapd_key.pem export CLIENT_CERT="$CLIENT"_slapd_cert.pem # Check $CLIENT if [ -z "$CLIENT" ] then echo "Missing name of client parameter: wget .... | bash -s [client]" exit fi echo "Create directory and files for $CLIENTDIR ... 21" echo Path ... 22 = `pwd` # Check directory: (exists + rights) echo mkdir -p --mode=775 $CADIR/$CLIENTDIR sudo mkdir -p --mode=775 $CADIR/$CLIENTDIR ### sudo mkdir $CLIENTDIR echo Path ... 28 = `pwd` cd $CADIR/$CLIENTDIR echo Path ... 30 = `pwd` echo Generate ssl-key = $CLIENT_PRIVKEY 31 ### [ -f "$CLIENT_PRIVKEY" ] || certtool --generate-privkey --sec-param Medium --outfile $CLIENT_PRIVKEY sudo certtool --generate-privkey --sec-param Medium --outfile $CLIENT_PRIVKEY echo Path ... 37 = `pwd` echo chmod 664 $CLIENT_PRIVKEY ... 38 ## sudo chmod 664 $CLIENT_PRIVKEY # Create the file $CLIENT.info echo touch + 666 $CLIENT.info ... 41 sudo touch $CLIENT.info sudo chmod 666 $CLIENT.info echo Create info file = $CLIENT.info... 45 # Create info file echo """organization = Vertel AB cn = $CLIENT.vertel.se tls_www_server encryption_key signing_key expiration_days = 3650 """ > $CLIENT.info echo Success to create info file = $CLIENT.info... 54 echo Create the consumer/client certificate echo certtool --generate-certificate :: Create $CLIENT_CERT ... 57 sudo certtool --generate-certificate \ --load-privkey $CLIENT_PRIVKEY \ --load-ca-certificate $CACERT \ --load-ca-privkey $CAPRIVKEY \ --template $CLIENT.info \ --outfile $CLIENT_CERT echo certtool --generate-certificate :: Create $CLIENT_CERT // Done!... 65 # Get a copy of the CA certificate: echo Get a copy of the CA certificate: $CACERT ... 68 echo Path ... 69 = `pwd` sudo cp $CACERT /usr/share/fd-vertel-se/$CLIENTDIR sudo cp $CAPRIVKEY /usr/share/fd-vertel-se/$CLIENTDIR echo CLIENT_PRIVKEY: $CLIENT_PRIVKEY ... 74 echo CLIENT_CERT: $CLIENT_CERT ... 75 echo Path ... 76 = `pwd` # Create the file certinfo.ldif echo Move to... cd $CADIR/$CLIENTDIR 78 cd $CADIR/$CLIENTDIR echo touch + a+w certinfo.ldif ... 83 sudo touch certinfo.ldif # sudo chmod a+w certinfo.ldif sudo chmod 666 certinfo.ldif echo do the certinfo.ldif -procedure! ... 87 echo """dn: cn=config add: olcTLSCACertificateFile olcTLSCACertificateFile: /etc/ssl/certs/mycacert.pem - add: olcTLSCertificateFile olcTLSCertificateFile: /usr/share/fd-vertel-se/$CLIENTDIR/$CLIENT_CERT - add: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /usr/share/fd-vertel-se/$CLIENTDIR/$CLIENT_PRIVKEY""" > certinfo.ldif sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif echo chmod 775 $CADIR/$CLIENTDIR -R sudo chmod 775 $CADIR/$CLIENTDIR -R #### DONE echo DONE