Generating Certificate scripts

Discussion in 'Technical' started by dhonnoll78, Dec 1, 2007.

  1. dhonnoll78

    dhonnoll78 New Member

    I have a few scripts that can´t quite generate my encryption certificates to be able to start my Radius Server
    Sript one CA.server
    Here is what my script is complaining about
    [[email protected] raddb]# ./CA.server nicaragua
    ./CA.server: line 2: syntax error near unexpected token `newline'
    ./CA.server: line 2: `KEYGEN=<span class="comment hl">(/usr/sbin/dns-genkey)</span>'
    Here is the script its self any ideas
    KEYGEN=<span class="comment hl">(/usr/sbin/dns-genkey)</span>



    if [ -z "${SNAME}" ]; then
    echo "WARNING: server name not specified. Using \"server\"."

    if [ -z "${PASSWD}" ]; then
    echo "No password specified, trying $PASSDIR/$SNAME.pass."
    if [ -a $PASSDIR/$SNAME.pass ]; then
    PASSWD=`cat $PASSDIR/$SNAME.pass`
    echo "Not found. Generating password, see $PASSDIR/$SNAME.pass for contents."
    PASSWD=`$KEYGEN | head -c 32`
    cat /dev/null > $PASSDIR/$SNAME.pass
    echo $PASSWD >> $PASSDIR/$SNAME.pass

    if [ -z "${ROOTPASSWD}" ]; then
    echo "No root password specified, trying $PASSDIR/root.pass."
    if [ -a $PASSDIR/root.pass ]; then
    ROOTPASSWD=`cat $PASSDIR/root.pass`
    echo "FATAL: No root certification password."

    $OPENSSL req -new -keyout $PEMDIR/newreq.pem -out $PEMDIR/newreq.pem -passin \
    pass:$PASSWD -passout pass:$PASSWD
    $OPENSSL ca -policy policy_anything -out $PEMDIR/newcert.pem -key $ROOTPASSWD \ -extensions xpserver_ext -extfile xpextensions -days $VALIDFOR -infiles $PEMDIR/newreq.pem
    $OPENSSL pkcs12 -export -in $PEMDIR/newcert.pem -inkey $PEMDIR/newreq.pem -out \ $P12DIR/$1.p12 -clcerts -passin pass:$PASSWD -passout pass:$PASSWD
    $OPENSSL pkcs12 -in $P12DIR/$SNAME.p12 -out $PEMDIR/$SNAME.pem -passin \
    pass:$PASSWD -passout pass:$PASSWD
    $OPENSSL x509 -inform PEM -outform DER -in $PEMDIR/$SNAME.pem -out $DERDIR/$SNAME.der

    rm -rf $PEMDIR/newcert.pem $PEMDIR/newreq.pem
  2. gregp

    gregp New Member

    Try to escape all kinds of <>"\ and other symbols with \
    Otherwise try to enclose the string in single quote

    Did you actually copy the script from webpage? Then remove all tags and it will work.
  3. dhonnoll78

    dhonnoll78 New Member

    I did copy it from a web page and was able to add \ to the end of lines 2 and 3 and it ran the problem now is it will generate a certificate but when it comes to importing it to the file it needs to be it can´t Problem with that is it is Freeradius which (as I understand it) only reads the first 30 some odd characters. You ever set up a free radius server?
  4. gregp

    gregp New Member

    make sure that line #2 looks like:


    Afterwards run this script and see that all cert files are generated as required
    Make sure that PASSDIR exists and you pass all required parameters.

    If needed repost your script and results of the invocation
  5. dhonnoll78

    dhonnoll78 New Member

    Did that

    Okay I tried that and here is the output
    [[email protected] raddb]# ./CA.root
    ./CA.root: line 2: span: No such file or directory
    ./CA.root: process substitution: line 2: syntax error near unexpected token `newline'
    ./CA.root: process substitution: line 2: `/etc/pki/tls/misc/<span class="filename"></span>'
    mkdir: `/pass/root.pass' exists but is not a directory
    No root password specified, trying /pass/root.pass/root.pass.
    Not found. Generating password, see /pass/root.pass/root.pass for contents.
    ./CA.root: line 20: /pass/root.pass/root.pass: Not a directory
    ./CA.root: line 21: /pass/root.pass/root.pass: Not a directory
    Generating a 1024 bit RSA private key
    writing new private key to '/pem/newreq.pem'
    28397:error:0906906F:pEM routines:pEM_ASN1_write_bio:read key:pem_lib.c:331:
    ./CA.root: line 29: -newca: command not found
    unable to load private key
    28402:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
    unable to load certificate
    28403:error:0906D06C:pEM routines:pEM_read_bio:no start line:pem_lib.c:644:Expecting: TRUSTED CERTIFICATE
    [[email protected] raddb]#

Share This Page