summaryrefslogtreecommitdiff
path: root/sample/sample-keys/gen-sample-keys.sh
diff options
context:
space:
mode:
Diffstat (limited to 'sample/sample-keys/gen-sample-keys.sh')
-rwxr-xr-xsample/sample-keys/gen-sample-keys.sh12
1 files changed, 12 insertions, 0 deletions
diff --git a/sample/sample-keys/gen-sample-keys.sh b/sample/sample-keys/gen-sample-keys.sh
index 414687e..301cff2 100755
--- a/sample/sample-keys/gen-sample-keys.sh
+++ b/sample/sample-keys/gen-sample-keys.sh
@@ -14,6 +14,9 @@ then
exit 1
fi
+# Generate static key for tls-auth (or static key mode)
+$(dirname ${0})/../../src/openvpn/openvpn --genkey --secret ta.key
+
# Create required directories and files
mkdir -p sample-ca
rm -f sample-ca/index.txt
@@ -49,6 +52,14 @@ openssl pkcs12 -export -nodes -password pass:password \
-out sample-ca/client.p12 -inkey sample-ca/client.key \
-in sample-ca/client.crt -certfile sample-ca/ca.crt
+# Create a client cert, revoke it, generate CRL
+openssl req -new -nodes -config openssl.cnf \
+ -keyout sample-ca/client-revoked.key -out sample-ca/client-revoked.csr \
+ -subj "/C=KG/ST=NA/O=OpenVPN-TEST/CN=client-revoked/emailAddress=me@myhost.mydomain"
+openssl ca -batch -config openssl.cnf \
+ -out sample-ca/client-revoked.crt -in sample-ca/client-revoked.csr
+openssl ca -config openssl.cnf -revoke sample-ca/client-revoked.crt
+openssl ca -config openssl.cnf -gencrl -out sample-ca/ca.crl
# Create EC server and client cert (signed by 'regular' RSA CA)
openssl ecparam -out sample-ca/secp256k1.pem -name secp256k1
@@ -73,3 +84,4 @@ openssl dhparam -out dh2048.pem 2048
cp sample-ca/*.key .
cp sample-ca/*.crt .
cp sample-ca/*.p12 .
+cp sample-ca/*.crl .