  #1  
Old 1st December 2007, 19:00
dhonnoll78
Generating Certificate scripts

I have a few scripts that can't quite generate my encryption certificates to be able to start my Radius Server.
Script one: CA.server
Here is what my script is complaining about:
[root@nicaragua raddb]# ./CA.server nicaragua
./CA.server: line 2: syntax error near unexpected token `newline'
./CA.server: line 2: `KEYGEN=<span class="comment hl">(/usr/sbin/dns-genkey)</span>'
Here is the script itself. Any ideas?
OPENSSL=/usr/bin/openssl
KEYGEN=<span class="comment hl">(/usr/sbin/dns-genkey)</span>
PASSDIR=/pass/server-name.pass
DERDIR=der
P12DIR=p12
PEMDIR=pem
VALIDFOR=365

SNAME=$1
PASSWD=$2
ROOTPASSWD=$3

mkdir -p $PEMDIR $P12DIR $DERDIR $PASSDIR

if [ -z "${SNAME}" ]; then
echo "WARNING: server name not specified. Using \"server\"."
SNAME=server
fi

if [ -z "${PASSWD}" ]; then
echo "No password specified, trying $PASSDIR/$SNAME.pass."
if [ -a $PASSDIR/$SNAME.pass ]; then
PASSWD=`cat $PASSDIR/$SNAME.pass`
else
echo "Not found. Generating password, see $PASSDIR/$SNAME.pass for contents."
PASSWD=`$KEYGEN | head -c 32`
cat /dev/null > $PASSDIR/$SNAME.pass
echo $PASSWD >> $PASSDIR/$SNAME.pass
fi
fi

if [ -z "${ROOTPASSWD}" ]; then
echo "No root password specified, trying $PASSDIR/root.pass."
if [ -a $PASSDIR/root.pass ]; then
ROOTPASSWD=`cat $PASSDIR/root.pass`
else
echo "FATAL: No root certification password."
exit
fi
fi

$OPENSSL req -new -keyout $PEMDIR/newreq.pem -out $PEMDIR/newreq.pem -passin \
pass:$PASSWD -passout pass:$PASSWD
$OPENSSL ca -policy policy_anything -out $PEMDIR/newcert.pem -key $ROOTPASSWD \
-extensions xpserver_ext -extfile xpextensions -days $VALIDFOR -infiles $PEMDIR/newreq.pem
$OPENSSL pkcs12 -export -in $PEMDIR/newcert.pem -inkey $PEMDIR/newreq.pem -out \
$P12DIR/$SNAME.p12 -clcerts -passin pass:$PASSWD -passout pass:$PASSWD
$OPENSSL pkcs12 -in $P12DIR/$SNAME.p12 -out $PEMDIR/$SNAME.pem -passin \
pass:$PASSWD -passout pass:$PASSWD
$OPENSSL x509 -inform PEM -outform DER -in $PEMDIR/$SNAME.pem -out $DERDIR/$SNAME.der

rm -rf $PEMDIR/newcert.pem $PEMDIR/newreq.pem
  #2  
Old 1st December 2007, 22:28
gregp

Try to escape all kinds of <>"\ and other symbols with \
Otherwise try to enclose the string in single quotes.

Did you actually copy the script from a webpage? Then remove all tags and it will work.
  #3  
Old 1st December 2007, 22:57
dhonnoll78

I did copy it from a web page and was able to add \ to the end of lines 2 and 3, and it ran. The problem now is it will generate a certificate, but when it comes to importing it to the file it needs to be, it can't. Problem with that is it is Freeradius, which (as I understand it) only reads the first 30 some odd characters. You ever set up a free radius server?
  #4  
Old 2nd December 2007, 15:40
gregp

Make sure that line #2 looks like:

KEYGEN=/usr/sbin/dns-genkey

Afterwards, run this script and see that all cert files are generated as required.
Make sure that PASSDIR exists and you pass all required parameters.

If needed, repost your script and the results of the invocation.
  #5  
Old 13th December 2007, 04:31
dhonnoll78
Did that

Okay, I tried that and here is the output:
[root@nicaragua raddb]# ./CA.root
./CA.root: line 2: span: No such file or directory
./CA.root: process substitution: line 2: syntax error near unexpected token `newline'
./CA.root: process substitution: line 2: `/etc/pki/tls/misc/<span class="filename">CA.pl</span>'
mkdir: `/pass/root.pass' exists but is not a directory
No root password specified, trying /pass/root.pass/root.pass.
Not found. Generating password, see /pass/root.pass/root.pass for contents.
./CA.root: line 20: /pass/root.pass/root.pass: Not a directory
./CA.root: line 21: /pass/root.pass/root.pass: Not a directory
Generating a 1024 bit RSA private key
.....................++++++
......................++++++
writing new private key to '/pem/newreq.pem'
28397:error:0906906F:PEM routines:PEM_ASN1_write_bio:read key:pem_lib.c:331:
./CA.root: line 29: -newca: command not found
unable to load private key
28402:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
unable to load certificate
28403:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE
[root@nicaragua raddb]#
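
The checks suggested in posts #2 and #4 (remove the copied HTML tags, make sure PASSDIR is usable), written out as an added example that is not part of the original thread. The function names has_markup, strip_markup and preflight and the sample file are constructed for illustration; the KEYGEN line is the one shown in the error output of post #1.

```shell
#!/bin/bash
# Added example: pre-flight checks for a script pasted from a web page.
# Function names and the sample file are constructed for illustration.

# Closing tags, or opening tags that carry attributes (heuristic).
TAG_RE='</[A-Za-z][A-Za-z0-9]*>|<[A-Za-z]+( [a-z-]+="[^"]*")+>'

# Print (with line numbers) lines that still carry HTML; status 0 if any found.
has_markup() {
    grep -nE "$TAG_RE|&(lt|gt|amp|quot);" "$1"
}

# Write a copy of the script to stdout with tags removed and entities decoded.
strip_markup() {
    sed -E -e "s#$TAG_RE##g" \
        -e 's/&lt;/</g' -e 's/&gt;/>/g' -e 's/&quot;/"/g' -e 's/&amp;/\&/g' "$1"
}

# Status 0 only if the script has no markup, parses, and PASSDIR is usable.
preflight() {
    rc=0
    if has_markup "$1"; then
        echo "HTML residue on the lines above: $1"; rc=1
    fi
    bash -n "$1" 2>/dev/null || { echo "bash -n: syntax error in $1"; rc=1; }
    # mkdir -p fails when the path already exists as a regular file.
    if [ -e "$2" ] && [ ! -d "$2" ]; then
        echo "PASSDIR $2 exists but is not a directory"; rc=1
    fi
    return "$rc"
}

# Demo on a constructed three-line sample.
work=$(mktemp -d)
printf '%s\n' 'OPENSSL=/usr/bin/openssl' \
    'KEYGEN=<span class="comment hl">(/usr/sbin/dns-genkey)</span>' \
    'PASSDIR=pass' > "$work/CA.server"
preflight "$work/CA.server" "$work/pass" || echo "raw copy rejected"
strip_markup "$work/CA.server" > "$work/CA.clean"
preflight "$work/CA.clean" "$work/pass" && echo "cleaned copy passes"
```

After stripping, line 2 reads KEYGEN=(/usr/sbin/dns-genkey), which bash parses as an array assignment; post #4 gives the plain form without the parentheses.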