# HG changeset patch # User Sebastien Decugis # Date 1278489137 -32400 # Node ID fb9ed45f92178e51e73c622df9594b692ba519fd # Parent 6d9ee5ab79e52a22aea14bd2d0000c0d316449b4 New command to generate the pcks12 file directly diff -r 6d9ee5ab79e5 -r fb9ed45f9217 contrib/PKI/ca_script2/Makefile --- a/contrib/PKI/ca_script2/Makefile Wed Jul 07 14:17:04 2010 +0900 +++ b/contrib/PKI/ca_script2/Makefile Wed Jul 07 16:52:17 2010 +0900 @@ -33,8 +33,10 @@ Creates a new sub-CA that can be used for certificates later.\n\ make newcert name=foo ca=parentca\n\ Create private key and csr, then issue the certificate (named foo.*)\n\ + make p12 name=foo ca=parentca\n\ + Same as newcert, but additionnaly creates a pkcs12 file to ship client certificate to Windows or Mac\n\ make ship name=foo ca=parentca\n\ - Create an archive with the data for the client\n\ + Create an archive with the data for the client (useful for freeDiameter peers)\n\ make revoke name=foo ca=parentca\n\ Revokes the certificate foo.cert issued by parentca and regenerates the CRL.\n\ make gencrl ca=caname\n\ @@ -135,6 +137,15 @@ @ln -sf ../../public/crl $(DATA_DIR)/$(ca)/clients/$(name)/crl @ln -sf ../../public/caroot.pem $(DATA_DIR)/$(ca)/clients/$(name)/ca.pem +# Create a PKCS#12 file containing the client's information +p12: newcert + # Create the PKCS#12 file + @cat $(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem \ + $(DATA_DIR)/$(ca)/clients/$(name)/certchain.pem \ + $(DATA_DIR)/$(ca)/clients/$(name)/ca.pem \ + | openssl pkcs12 -export -out $(DATA_DIR)/$(ca)/clients/$(name)/$(name).p12 + @echo "Client certificate is created in $(DATA_DIR)/$(ca)/clients/$(name)/$(name).p12" + # Create an archive to send the data to the client node ship: @if [ -z "$(name)" -o -z "$(ca)" ]; then echo "Missing parameter. Ex: make ship name=service.testbed.aaa ca=ca.testbed.aaa"; exit 1; fi
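Review bot: In the first hunk (help text, `@@ -33,8 +33,10`), the added description for `make p12` misspells "additionally" as "additionnaly", and it does not mention that the target is interactive. The recipe added further down calls `openssl pkcs12 -export` without `-passout`, so OpenSSL prompts for an export password on the terminal. Suggest wording along the lines of "Same as newcert, but additionally creates a password-protected pkcs12 file (you will be prompted for the export password)". The commit message has a related typo, "pcks12" for "pkcs12".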
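Review bot: In the second hunk (`p12: newcert`, `@@ -135,6 +137,15`), `$(name).p12` bundles the client's private key, but the recipe does nothing to restrict who can read it: the file is created with whatever the caller's umask allows, and its confidentiality then rests entirely on the export password typed at the prompt, which may be empty. Suggest running the export under `umask 077` (or following it with `chmod 600` on the `.p12`) and stating in the help text that a non-empty export password is expected. Two smaller points on the same recipe: unlike `ship`, which opens with `if [ -z "$(name)" -o -z "$(ca)" ]`, `p12` has no parameter check of its own and depends on `newcert` to reject a missing `name` or `ca`, so a short comment saying so (or the same guard) would make that explicit. Also, `ca.pem` is the symlink to `caroot.pem` created in the context lines just above, so if `certchain.pem` already ends with the root, the root certificate is fed to `openssl pkcs12` twice; worth confirming what `certchain.pem` contains.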