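#!/bin/sh
RCSID='$Id: mycert,v 1.1 2002-12-26 01:06:31 jonas Exp $'
# Script for enabling user certificates authorized by CA.
# The user is given a certificate + key and needs to merge them into a
# pkcs12 file (understood by Netscape and others) and add a password.
#
# Originally found here:
# http://www.cise.ufl.edu/help/secure-access/ssl-mail-setup.shtml
# adapted to non-YP environment and strings replaceable from /etc.
#
# -- Jonas Smedegaard <dr@jones.dk>
#
# Inputs (current directory): newcert.pem (certificate) and newreq.pem
# (passed to openssl as -inkey, so it is expected to hold the private key).
# Output (current directory): newcert.p12, which bundles the private key.
# Exit status: non-zero when a precondition fails, otherwise the status
# of the openssl invocation.

# Print each argument on its own line to stderr and abort with status 1.
die() {
  printf '%s\n' "$@" >&2
  exit 1
}

help="hostmaster@$(cat /etc/mailname 2> /dev/null || hostname -d)" # Email address of technical staff
cadir="/etc/ssl/certs"
caname=$(hostname -d) # Abbrev. of organisation

# Site overrides for help, cadir and caname. The file is sourced, i.e.
# executed as shell code with the invoking user's privileges, so it must
# be writable by the administrator only.
if [ -f /etc/local/mycert.conf ]; then
  . /etc/local/mycert.conf
fi

[ -f newcert.pem ] || die "No newcert.pem file found in the current directory."
[ -f newreq.pem ] || die "No newreq.pem file found in the current directory."

# Real user name, the same value as the "uid=N(name)" field of plain id.
uname=$(/usr/bin/id -unr)
if [ -z "$uname" ]; then
  die "ERROR: unable to determine username." \
    " Please email $help for help"
fi

# Field 5 of the passwd entry (GECOS) is used verbatim as the friendly name.
name=$(getent passwd "$uname" | awk -F : '{print $5}')
if [ -z "$name" ]; then
  die "ERROR: unable to determine full name from password map." \
    " Please email $help for help"
fi

# newcert.p12 carries the private key: create it readable by the owner only
# instead of inheriting a possibly permissive umask.
umask 077

# No -passout is given, so openssl asks for the export password on the
# terminal rather than taking it from the command line.
# NOTE(review): -nodes is kept from the original; it is documented as a
# "do not encrypt private keys" option - confirm it does not weaken the
# protection of the exported bundle.
/usr/local/bin/openssl pkcs12 -export -in newcert.pem -inkey newreq.pem \
  -certfile "$cadir/cacert.pem" \
  -name "$name [$caname]" -out newcert.p12 -nodes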