Generating Certificate scripts

[dhonnoll78]

I have a few scripts that can´t quite generate my encryption certificates to be able to start my Radius Server
Sript one CA.server
Here is what my script is complaining about
[root@nicaragua raddb]# ./CA.server nicaragua
./CA.server: line 2: syntax error near unexpected token `newline'
./CA.server: line 2: `KEYGEN=<span class="comment hl">(/usr/sbin/dns-genkey)</span>'
Here is the script its self any ideas
PENSSL=/usr/bin/openssl
KEYGEN=<span class="comment hl">(/usr/sbin/dns-genkey)</span>
PASSDIR=/pass/server-name.pass
DERDIR=der
P12DIR=p12
PEMDIR=pem
VALIDFOR=365

SNAME=$1
PASSWD=$2
ROOTPASSWD=$3

mkdir -p $PEMDIR $P12DIR $DERDIR $PASSDIR

if [ -z "${SNAME}" ]; then
echo "WARNING: server name not specified. Using \"server\"."
SNAME=server
fi

if [ -z "${PASSWD}" ]; then
echo "No password specified, trying $PASSDIR/$SNAME.pass."
if [ -a $PASSDIR/$SNAME.pass ]; then
PASSWD=`cat $PASSDIR/$SNAME.pass`
else
echo "Not found. Generating password, see $PASSDIR/$SNAME.pass for contents."
PASSWD=`$KEYGEN | head -c 32`
cat /dev/null > $PASSDIR/$SNAME.pass
echo $PASSWD >> $PASSDIR/$SNAME.pass
fi
fi

if [ -z "${ROOTPASSWD}" ]; then
echo "No root password specified, trying $PASSDIR/root.pass."
if [ -a $PASSDIR/root.pass ]; then
ROOTPASSWD=`cat $PASSDIR/root.pass`
else
echo "FATAL: No root certification password."
exit
fi
fi

$OPENSSL req -new -keyout $PEMDIR/newreq.pem -out $PEMDIR/newreq.pem -passin \
pass:$PASSWD -passout pass:$PASSWD
$OPENSSL ca -policy policy_anything -out $PEMDIR/newcert.pem -key $ROOTPASSWD \ -extensions xpserver_ext -extfile xpextensions -days $VALIDFOR -infiles $PEMDIR/newreq.pem
$OPENSSL pkcs12 -export -in $PEMDIR/newcert.pem -inkey $PEMDIR/newreq.pem -out \ $P12DIR/$1.p12 -clcerts -passin pass:$PASSWD -passout pass:$PASSWD
$OPENSSL pkcs12 -in $P12DIR/$SNAME.p12 -out $PEMDIR/$SNAME.pem -passin \
pass:$PASSWD -passout pass:$PASSWD
$OPENSSL x509 -inform PEM -outform DER -in $PEMDIR/$SNAME.pem -out $DERDIR/$SNAME.der

rm -rf $PEMDIR/newcert.pem $PEMDIR/newreq.pem

[gregp]

Try to escape all kinds of <>"\ and other symbols with \
Otherwise try to enclose the string in single quote


Did you actually copy the script from webpage? Then remove all tags and it will work.

[dhonnoll78]

I did copy it from a web page and was able to add \ to the end of lines 2 and 3 and it ran the problem now is it will generate a certificate but when it comes to importing it to the file it needs to be it can´t Problem with that is it is Freeradius which (as I understand it) only reads the first 30 some odd characters. You ever set up a free radius server?

[gregp]

make sure that line #2 looks like:

KEYGEN=/usr/sbin/dns-genkey

Afterwards run this script and see that all cert files are generated as required
Make sure that PASSDIR exists and you pass all required parameters.

If needed repost your script and results of the invocation

[dhonnoll78]

Okay I tried that and here is the output
[root@nicaragua raddb]# ./CA.root
./CA.root: line 2: span: No such file or directory
./CA.root: process substitution: line 2: syntax error near unexpected token `newline'
./CA.root: process substitution: line 2: `/etc/pki/tls/misc/<span class="filename">CA.pl</span>'
mkdir: `/pass/root.pass' exists but is not a directory
No root password specified, trying /pass/root.pass/root.pass.
Not found. Generating password, see /pass/root.pass/root.pass for contents.
./CA.root: line 20: /pass/root.pass/root.pass: Not a directory
./CA.root: line 21: /pass/root.pass/root.pass: Not a directory
Generating a 1024 bit RSA private key
.....................++++++
......................++++++
writing new private key to '/pem/newreq.pem'
28397:error:0906906F:PEM routines:PEM_ASN1_write_bio:read keyem_lib.c:331:
./CA.root: line 29: -newca: command not found
unable to load private key
28402:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
unable to load certificate
28403:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:644:Expecting: TRUSTED CERTIFICATE
[root@nicaragua raddb]#