diff --git a/templates/client-host-certificate.sh.j2 b/templates/client-host-certificate.sh.j2
index b37b606..b3072d0 100644
--- a/templates/client-host-certificate.sh.j2
+++ b/templates/client-host-certificate.sh.j2
@@ -23,10 +23,7 @@ fi
 if [ -f "${easy_rsa_issued_dir}/${host_arg}.crt" ] ; then
 echo ""
 echo "A certificate already exists"
-echo "If you want to renew it, then remove the following files and run che command again:"
-echo "${easy_rsa_issued_dir}/${host_arg}.crt"
-echo "${easy_rsa_keys_dir}/${host_arg}.key"
-echo "${easy_rsa_reqs_dir}/${host_arg}.req"
+echo "If you want to renew it, then use the command renew-client-host-certificate"
 echo ""
 exit 1
 fi
diff --git a/templates/personal-certificate.sh.j2 b/templates/personal-certificate.sh.j2
index b09fe50..ece0131 100644
--- a/templates/personal-certificate.sh.j2
+++ b/templates/personal-certificate.sh.j2
@@ -25,10 +25,7 @@ fi
 if [ -f "${easy_rsa_issued_dir}/${name_arg}.crt" ] ; then
 echo ""
 echo "A certificate already exists"
-echo "If you want to renew it, then remove the following files and run che command again:"
-echo "${easy_rsa_issued_dir}/${name_arg}.crt"
-echo "${easy_rsa_keys_dir}/${name_arg}.key"
-echo "${easy_rsa_reqs_dir}/${name_arg}.req"
+echo "If you want to renew it, then use the command renew-personal-certificate"
 echo ""
 exit 1
 fi
diff --git a/templates/renew-client-host-certificate.sh.j2 b/templates/renew-client-host-certificate.sh.j2
index c55614e..ce450da 100644
--- a/templates/renew-client-host-certificate.sh.j2
+++ b/templates/renew-client-host-certificate.sh.j2
@@ -1,8 +1,10 @@
 #!/bin/bash
 
+_retval=
+
 host_arg=
 if [ $# -ne 1 ] ; then
-echo "You need to pass just one argument: the full hostname for wich the certificate is required"
+echo "You need to pass just one argument: the full hostname for wich the certificate renewal is required"
 exit 1
 else
 host_arg="$1"
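Review bot: In the renew-client-host-certificate.sh.j2 hunk, the added `_retval=` initialisation does not match the variable the script actually assigns and tests later (`retval=$?` and `[ $retval -eq 0 ]` in the following hunk), so the new line is dead and shellcheck will report it as unused; the same underscored line is added to renew-server-host-certificate.sh.j2 and renew-personal-certificate.sh.j2. Either drop it or rename it to `retval=` so the initialisation and the use agree. The rewritten usage message on the `+echo` line still reads "for wich" — worth correcting to "for which" while that line is being changed.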
@@ -11,24 +13,41 @@ fi
 easy_rsa_base_dir={{ easy_rsa_pki_basedir }}
 easy_rsa_issued_dir="${easy_rsa_base_dir}/pki/issued"
 easy_rsa_keys_dir="${easy_rsa_base_dir}/pki/private"
+easy_rsa_reqs_dir="${easy_rsa_base_dir}/pki/reqs"
 easy_vars_file="${easy_rsa_base_dir}/vars"
 if [ -f "${easy_vars_file}.tmpl" ] ; then
 echo "There's a template file ${easy_vars_file}.tmpl present. Check that nothing wrong happened, then remove it before proceeding."
 exit 1
 fi
 
+if [ -f "${easy_rsa_issued_dir}/${host_arg}.crt" ] ; then
+rm -f "${easy_rsa_issued_dir}/${host_arg}.crt"
+rm -f "${easy_rsa_keys_dir}/${host_arg}.key"
+rm -f "${easy_rsa_reqs_dir}/${host_arg}.req"
+else
+echo "No previous certificate exists. This is not a renewal, aborting."
+exit 1
+fi
+
 echo ""
-echo "Starting the renewal of a client host certificate."
+echo "Starting the creation of the client host certificate."
 echo ""
 
 cd "$easy_rsa_base_dir"
-./easyrsa renew "$host_arg" nopass
+./easyrsa build-client-full "$host_arg" nopass
+retval=$?
 
-echo ""
-echo "Done."
-echo "The certificate file is ${easy_rsa_issued_dir}/${host_arg}.crt"
-echo "The private key file is ${easy_rsa_keys_dir}/${host_arg}.key"
-echo ""
-echo "Remember that the key of the host certificates do not passphrase protected"
+if [ $retval -eq 0 ] ; then
+echo ""
+echo "Done."
+echo "The certificate file is ${easy_rsa_issued_dir}/${host_arg}.crt"
+echo "The private key file is ${easy_rsa_keys_dir}/${host_arg}.key"
+echo ""
+echo "Remember that the key of the host certificates do not passphrase protected"
+else
+echo ""
+echo "Something went wrong, the certificate creation failed"
+echo ""
+fi
 
 exit 0
diff --git a/templates/renew-personal-certificate.sh.j2 b/templates/renew-personal-certificate.sh.j2
index 09cd5c8..1b820b3 100644
--- a/templates/renew-personal-certificate.sh.j2
+++ b/templates/renew-personal-certificate.sh.j2
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+_retval=
+
 name_arg=
 email_arg=
 if [ $# -ne 2 ] ; then
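Review bot: The three added `rm -f` lines delete paths built from `$host_arg`, which the script takes straight from `$1` without any validation, so a value containing `/` or `..` removes files outside the PKI directories; the same block is added unchanged to renew-server-host-certificate.sh.j2 and renew-personal-certificate.sh.j2 (with `$name_arg`). The old certificate, key and request are also deleted before `build-client-full` runs, so a failed build leaves the host with no usable credential, and the script still finishes with `exit 0`, so a caller or automation cannot detect that failure. I would reject a `host_arg` that is empty, starts with `.` or contains `/` before touching the filesystem, check the `cd`, and exit with the easyrsa status, as below. Removing the files does not revoke the previous certificate, so any copy still in circulation remains trusted by this CA until its expiry; whether easyrsa's `revoke` belongs here depends on the project's CRL handling, which this diff does not show.
```shell
case "$host_arg" in
  ''|.*|*/*)
    echo "Invalid hostname argument: it must not be empty, start with '.' or contain '/'"
    exit 1 ;;
esac
# … unchanged: directory variables, vars.tmpl check, existing-certificate check and removal …
cd "$easy_rsa_base_dir" || exit 1
./easyrsa build-client-full "$host_arg" nopass
retval=$?
# … unchanged: success / failure messages …
exit "$retval"
```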
@@ -13,14 +15,24 @@ fi
 easy_rsa_base_dir={{ easy_rsa_pki_basedir }}
 easy_rsa_issued_dir="${easy_rsa_base_dir}/pki/issued"
 easy_rsa_keys_dir="${easy_rsa_base_dir}/pki/private"
+easy_rsa_reqs_dir="${easy_rsa_base_dir}/pki/reqs"
 easy_vars_file="${easy_rsa_base_dir}/vars"
 if [ -f "${easy_vars_file}.tmpl" ] ; then
 echo "There's a template file ${easy_vars_file}.tmpl present. Check that nothing wrong happened, then remove it before proceeding."
 exit 1
 fi
 
+if [ -f "${easy_rsa_issued_dir}/${name_arg}.crt" ] ; then
+rm -f "${easy_rsa_issued_dir}/${name_arg}.crt"
+rm -f "${easy_rsa_keys_dir}/${name_arg}.key"
+rm -f "${easy_rsa_reqs_dir}/${name_arg}.req"
+else
+echo "No previous certificate exists. This is not a renewal, aborting."
+exit 1
+fi
+
 echo ""
-echo "Starting the renewal of a client host certificate."
+echo "Starting the creation of a client host certificate."
 echo "Remember that you need to supply a passphrase for the private key."
 echo ""
 
@@ -29,13 +41,21 @@ sleep 5
 cd "$easy_rsa_base_dir"
 cp -f "$easy_vars_file" "${easy_vars_file}.tmpl"
 sed -i -e "s/{{ easy_rsa_req_email }}/$email_arg/g" "$easy_vars_file"
-./easyrsa renew "$name_arg"
+./easyrsa build-client-full "$name_arg"
 mv -f "${easy_vars_file}.tmpl" "$easy_vars_file"
 
-echo ""
-echo "Done."
-echo "The certificate file is ${easy_rsa_issued_dir}/${name_arg}.crt"
-echo "The private key file is ${easy_rsa_keys_dir}/${name_arg}.key"
-echo ""
+retval=$?
+
+if [ $retval -eq 0 ] ; then
+echo ""
+echo "Done."
+echo "The certificate file is ${easy_rsa_issued_dir}/${name_arg}.crt"
+echo "The private key file is ${easy_rsa_keys_dir}/${name_arg}.key"
+echo ""
+else
+echo ""
+echo "Something went wrong, the certificate creation failed"
+echo ""
+fi
 
 exit 0
diff --git a/templates/renew-server-host-certificate.sh.j2 b/templates/renew-server-host-certificate.sh.j2
index 27cfaeb..c683d22 100644
--- a/templates/renew-server-host-certificate.sh.j2
+++ b/templates/renew-server-host-certificate.sh.j2
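Review bot: The rewritten message `echo "Starting the creation of a client host certificate."` sits in renew-personal-certificate.sh.j2, so it names the wrong kind of certificate; the old line carried the same slip, but since this hunk replaces it anyway the text should be `echo "Starting the creation of the personal certificate."`. The line after it, about supplying a passphrase, already describes the personal-certificate flow, so the two will then agree.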
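Review bot: In the second hunk of renew-personal-certificate.sh.j2, `retval=$?` is assigned after `mv -f "${easy_vars_file}.tmpl" "$easy_vars_file"`, so it records the exit status of `mv`, not of `./easyrsa build-client-full "$name_arg"`; a failed build still prints "Done." whenever the vars file is restored successfully. Move the assignment to the line directly after the easyrsa call, before the `mv`, which is where the two host-certificate scripts in this commit place it. As in those scripts the failure branch still ends in `exit 0`; an `exit "$retval"` after the `if` would let callers see the failure. The `sed -i` line above is unchanged context, but note that it substitutes `$email_arg` into the sed expression unescaped, so an address containing `/` or `&` corrupts the vars file that this script now relies on restoring — a pre-existing issue worth a follow-up.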
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+_retval=
+
 host_arg=
 if [ $# -ne 1 ] ; then
 echo "You need to pass just one argument: the full hostname for wich the certificate is required"
@@ -11,24 +13,41 @@ fi
 easy_rsa_base_dir={{ easy_rsa_pki_basedir }}
 easy_rsa_issued_dir="${easy_rsa_base_dir}/pki/issued"
 easy_rsa_keys_dir="${easy_rsa_base_dir}/pki/private"
+easy_rsa_reqs_dir="${easy_rsa_base_dir}/pki/reqs"
 easy_vars_file="${easy_rsa_base_dir}/vars"
 if [ -f "${easy_vars_file}.tmpl" ] ; then
 echo "There's a template file ${easy_vars_file}.tmpl present. Check that nothing wrong happened, then remove it before proceeding."
 exit 1
 fi
 
+if [ -f "${easy_rsa_issued_dir}/${host_arg}.crt" ] ; then
+rm -f "${easy_rsa_issued_dir}/${host_arg}.crt"
+rm -f "${easy_rsa_keys_dir}/${host_arg}.key"
+rm -f "${easy_rsa_reqs_dir}/${host_arg}.req"
+else
+echo "No previous certificate exists. This is not a renewal, aborting."
+exit 1
+fi
+
 echo ""
-echo "Starting the renewal of a server host certificate."
+echo "Starting the creation of a server host certificate."
 echo ""
 
 cd "$easy_rsa_base_dir"
-./easyrsa renew "$host_arg" nopass
+./easyrsa build-server-full "$host_arg" nopass
+retval=$?
 
-echo ""
-echo "Done."
-echo "The certificate file is ${easy_rsa_issued_dir}/${host_arg}.crt"
-echo "The private key file is ${easy_rsa_keys_dir}/${host_arg}.key"
-echo ""
-echo "Remember that the key of the host certificates do not passphrase protected"
+if [ $retval -eq 0 ] ; then
+echo ""
+echo "Done."
+echo "The certificate file is ${easy_rsa_issued_dir}/${host_arg}.crt"
+echo "The private key file is ${easy_rsa_keys_dir}/${host_arg}.key"
+echo ""
+echo "Remember that the key of the host certificates do not passphrase protected"
+else
+echo ""
+echo "Something went wrong, the certificate creation failed"
+echo ""
+fi
 
 exit 0
diff --git a/templates/safessl-easyrsa.cnf b/templates/safessl-easyrsa.cnf
index 629c6c2..3de2a9c 100644
--- a/templates/safessl-easyrsa.cnf
+++ b/templates/safessl-easyrsa.cnf
@@ -55,7 +55,7 @@ emailAddress = optional
 # Easy-RSA request handling
 # We key off $DN_MODE to determine how to format the DN
 [ req ]
-default_bits = 3072
+default_bits = 4096
 default_keyfile = privkey.pem
 default_md = sha384
 distinguished_name = cn_only
diff --git a/templates/server-host-certificate.sh.j2 b/templates/server-host-certificate.sh.j2
index 445df9b..4024795 100644
--- a/templates/server-host-certificate.sh.j2
+++ b/templates/server-host-certificate.sh.j2
@@ -22,11 +22,8 @@ fi
 
 if [ -f "${easy_rsa_issued_dir}/${host_arg}.crt" ] ; then
 echo ""
-echo "A certificate already exists"
-echo "If you want to renew it, then remove the following files and run che command again:"
-echo "${easy_rsa_issued_dir}/${host_arg}.crt"
-echo "${easy_rsa_keys_dir}/${host_arg}.key"
-echo "${easy_rsa_reqs_dir}/${host_arg}.req"
+echo "A certificate already exists."
+echo "If you want to renew it, then use the command renew-server-host-certificate"
 echo ""
 exit 1
 fi
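Review bot: `default_bits = 4096` in the `[ req ]` section only governs keys that OpenSSL generates from this config file; if the easyrsa wrapper passes an explicit key size on the `openssl req` command line (it is driven by the EASYRSA_KEY_SIZE setting in the vars file in the easy-rsa releases I am aware of), this value is overridden and the change has no effect on the keys the scripts in this commit build. Worth confirming the bit length of a freshly built key after this change and, if it is still 3072, setting the size in the vars template instead. Existing keys keep their current size either way; the renewal scripts rebuild the key pair, so they will pick up the new size once it is effective.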