changeset 394:fb9ed45f9217

New command to generate the pkcs12 file directly
author Sebastien Decugis <sdecugis@nict.go.jp>
date Wed, 07 Jul 2010 16:52:17 +0900
parents 6d9ee5ab79e5
children 8e26b203e3cb
files contrib/PKI/ca_script2/Makefile
diffstat 1 files changed, 12 insertions(+), 1 deletions(-) [+]
--- a/contrib/PKI/ca_script2/Makefile	Wed Jul 07 14:17:04 2010 +0900
+++ b/contrib/PKI/ca_script2/Makefile	Wed Jul 07 16:52:17 2010 +0900
@@ -33,8 +33,10 @@
        Creates a new sub-CA that can be used for certificates later.\n\
    make newcert name=foo ca=parentca\n\
        Create private key and csr, then issue the certificate (named foo.*)\n\
+   make p12 name=foo ca=parentca\n\
+       Same as newcert, but additionnaly creates a pkcs12 file to ship client certificate to Windows or Mac\n\
    make ship name=foo ca=parentca\n\
-       Create an archive with the data for the client\n\
+       Create an archive with the data for the client (useful for freeDiameter peers)\n\
    make revoke name=foo ca=parentca\n\
        Revokes the certificate foo.cert issued by parentca and regenerates the CRL.\n\
    make gencrl ca=caname\n\
@@ -135,6 +137,15 @@
 	@ln -sf ../../public/crl $(DATA_DIR)/$(ca)/clients/$(name)/crl
 	@ln -sf ../../public/caroot.pem $(DATA_DIR)/$(ca)/clients/$(name)/ca.pem
 
+# Create a PKCS#12 file containing the client's information
+p12:	newcert
+	# Create the PKCS#12 file
+	@cat 	$(DATA_DIR)/$(ca)/clients/$(name)/privkey.pem \
+		$(DATA_DIR)/$(ca)/clients/$(name)/certchain.pem \
+		$(DATA_DIR)/$(ca)/clients/$(name)/ca.pem \
+		| openssl pkcs12 -export -out $(DATA_DIR)/$(ca)/clients/$(name)/$(name).p12
+	@echo "Client certificate is created in $(DATA_DIR)/$(ca)/clients/$(name)/$(name).p12"
+
 # Create an archive to send the data to the client node
 ship:
 	@if [ -z "$(name)" -o -z "$(ca)" ]; then echo "Missing parameter. Ex: make ship name=service.testbed.aaa ca=ca.testbed.aaa"; exit 1; fi
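Review bot: The new `p12` recipe writes `$(name).p12`, which bundles the client's private key, under whatever umask the caller happens to have, so the file can end up readable by other local users; prefixing the pipeline with `umask 077 &&` (or running `chmod 600` on the output straight after) would keep it owner-only. `openssl pkcs12 -export` prompts for the export password interactively here, and an empty one leaves the key effectively unprotected in a file that is meant to be shipped to another machine, so a comment above the target such as `# The export password protects the private key in transit; do not leave it empty.` would help. Unlike `ship`, `p12` has no `name`/`ca` guard of its own and relies on `newcert`, whose body is outside this hunk, to reject missing parameters. The tab-indented `# Create the PKCS#12 file` line is passed to the shell rather than read as a make comment, so it belongs above the rule header or without the leading tab.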