一键生成CA证书

create_cert () {
    cd /etc/openvpn/easy-rsa
    ./easyrsa  gen-req ${NAME} nopass <<EOF

EOF

    cd /etc/openvpn/easy-rsa
    ./easyrsa import-req /etc/openvpn/easy-rsa/pki/reqs/${NAME}.req ${NAME}


    ./easyrsa sign client ${NAME} <<EOF
yes
EOF

    mkdir  /etc/openvpn/client/${NAME}
    cp /etc/openvpn/easy-rsa/pki/issued/${NAME}.crt /etc/openvpn/client/${NAME}
    cp /etc/openvpn/easy-rsa/pki/private/${NAME}.key  /etc/openvpn/client/${NAME}
    cp /etc/openvpn/server/{ca.crt,ta.key} /etc/openvpn/client/${NAME}
    cat >  /etc/openvpn/client/${NAME}/client.ovpn <<EOF
client
dev tun
proto tcp
remote $OPENVPN_SERVER 1194
resolv-retry infinite
nobind
#persist-key
#persist-tun
ca ca.crt
cert $NAME.crt
key $NAME.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
compress lz4-v2
EOF

    echo "证书存放路径:/etc/openvpn/client/${NAME},证书文件如下:"
    echo -e "\E[1;32m******************************************************************\E[0m"
    ls -l /etc/openvpn/client/${NAME}
    echo -e "\E[1;32m******************************************************************\E[0m"
    cd /etc/openvpn/client/${NAME} 
    zip -qP "$PASS" /root/${NAME}.zip * 
    echo "证书的打包文件已生成: /root/${NAME}.zip"
}


read -p "请输入用户的姓名拼音(如:wangdayu): " NAME

remove_cert
create_cert

 

posted @ 2022-09-25 17:42  大雨转暴雨  阅读(392)  评论(0编辑  收藏  举报