Fix root CA expiration Make order-only prereqs the norm Change-Id: Ibd1af1f6204f5368160fdaabf4f5a79358eb4a52

commit: ba5c9d36bc514b9b155f6729d066a2d1120ec7ea [log] [tgz]
author: Zack Williams <zdw@opennetworking.org> Sun Jun 05 21:49:18 2022 -0700
committer: Zack Williams <zdw@opennetworking.org> Tue Aug 16 15:22:17 2022 -0700
tree: dcfaeaa8b64d32d56c6a2c91b92490bf81cf48eb
parent: ec61381b0991fc31466c3a6f6d52d814110ad334 [diff] [blame]
diff --git a/mkopenvpn.sh b/mkopenvpn.sh
new file mode 100755
index 0000000..3c0a04d
--- /dev/null
+++ b/mkopenvpn.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+set -xeu -o pipefail
+
+VPN_USER=$1
+
+VPN_SITE=${VPN_SITE:-example}
+
+export IM_CA_NAME=openvpn_ca
+export LEAF_PURPOSE=client_cert_ext
+
+export LEAF_KEYPAIR=${VPN_USER}
+export LEAF_EMAIL=${LEAF_EMAIL:-"${VPN_USER}@opennetworking.org"}
+export LEAF_SAN="email:${LEAF_EMAIL}"
+
+make onf_pki/certout/${VPN_USER}.pem
+
+# build config
+VPN_CONFIG=openvpn/${VPN_USER}_${VPN_SITE}.ovpn
+cat openvpn/generic_${VPN_SITE}.ovpn > $VPN_CONFIG
+
+cat << EOKEY >> $VPN_CONFIG
+
+# client key
+<key>
+EOKEY
+
+# add key
+cat onf_pki/certout/${VPN_USER}.key >> $VPN_CONFIG
+
+cat << EOCERT >> $VPN_CONFIG
+</key>
+
+# client cert
+<cert>
+EOCERT
+
+# add pem
+cat onf_pki/certout/${VPN_USER}.pem >> $VPN_CONFIG
+
+cat << EOF >> $VPN_CONFIG
+</cert>
+EOF
commit	ba5c9d36bc514b9b155f6729d066a2d1120ec7ea	[log] [tgz]
author	Zack Williams <zdw@opennetworking.org>	Sun Jun 05 21:49:18 2022 -0700
committer	Zack Williams <zdw@opennetworking.org>	Tue Aug 16 15:22:17 2022 -0700
tree	dcfaeaa8b64d32d56c6a2c91b92490bf81cf48eb
parent	ec61381b0991fc31466c3a6f6d52d814110ad334 [diff] [blame]