From 1af3c572eedb0eaddcdc5c9c41d98ff59bb7b2c9 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Tue, 24 May 2016 17:11:11 +0200 Subject: IPSec: replace (self-signed) X.509 certs by their raw pubkey for authentication. There is no need to bother with X.509 cruft here. --- roles/common/files/usr/local/bin/genkeypair.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'roles/common/files/usr/local/bin') diff --git a/roles/common/files/usr/local/bin/genkeypair.sh b/roles/common/files/usr/local/bin/genkeypair.sh index 45e2181..01b279a 100755 --- a/roles/common/files/usr/local/bin/genkeypair.sh +++ b/roles/common/files/usr/local/bin/genkeypair.sh @@ -47,6 +47,7 @@ usage() { x509: generate a self-signed X.509 server certificate csr: generate a Certificate Signing Request dkim: generate a private key (to use for DKIM signing) + keypair: generate a key pair Options: -t type: key type (default: rsa) @@ -88,7 +89,7 @@ dkiminfo() { [ $# -gt 0 ] || { usage; exit 2; } cmd="$1"; shift case "$cmd" in - x509|csr|dkim) ;; + x509|csr|dkim|keypair) ;; *) echo "Unrecognized command: $cmd" >&2; exit 2 esac @@ -201,4 +202,6 @@ elif [ "$cmd" = x509 -o "$cmd" = csr ]; then [ "$cmd" = x509 ] && x509=-x509 || x509= openssl req -config "$config" -new $x509 ${hash:+-$hash} -days 3650 -key "$privkey" >"$pubkey" || exit 2 fi +elif [ "$cmd" = keypair -a "$pubkey" ]; then + openssl pkey -pubout <"$privkey" >"$pubkey" fi -- cgit v1.2.3