From bc6a6528b6eb2455ee4f2d2567b53daaebd6a3d9 Mon Sep 17 00:00:00 2001
From: Mia von Steinkirch
Date: Tue, 21 Jan 2020 15:57:31 -0800
Subject: [PATCH] =?UTF-8?q?=F0=9F=8E=AD=20add=20old=20scripts?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 README.md | 1 +
 vpn/README.md | 1 +
 vpn/generate_vpn_pki_resources.sh | 41 +++++++++++++++++++++++++++++++
 vpn/push_vpn_pki_resources.sh | 30 ++++++++++++++++++++++
 4 files changed, 73 insertions(+)
 create mode 100644 vpn/README.md
 create mode 100755 vpn/generate_vpn_pki_resources.sh
 create mode 100755 vpn/push_vpn_pki_resources.sh
diff --git a/README.md b/README.md
index 42bb1e6..cc4fdbe 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,7 @@
 * [gcloud](https://github.com/bt3gl/Resources-Shell_Scripts_and_Dotfiles/tree/master/gcloud).
 * [vim](https://github.com/bt3gl/Resources-Shell_Scripts_and_Dotfiles/tree/master/vim).
 * [vscode](https://github.com/bt3gl/Resources-Shell_Scripts_and_Dotfiles/tree/master/vscode).
+* [vpn](https://github.com/bt3gl/Resources-Shell_Scripts_and_Dotfiles/tree/master/vpn).
 * [elastic search](https://github.com/bt3gl/Resources-Shell_Scripts_and_Dotfiles/tree/master/elasticsearch).
 * [data science](https://github.com/bt3gl/Resources-Shell_Scripts_and_Dotfiles/tree/master/data_science).
 * [ubuntu](https://github.com/bt3gl/Resources-Shell_Scripts_and_Dotfiles/tree/master/ubuntu).
diff --git a/vpn/README.md b/vpn/README.md
new file mode 100644
index 0000000..8c2bf3f
--- /dev/null
+++ b/vpn/README.md
@@ -0,0 +1 @@
+# Cloud Scripts
diff --git a/vpn/generate_vpn_pki_resources.sh b/vpn/generate_vpn_pki_resources.sh
new file mode 100755
index 0000000..4aed6ea
--- /dev/null
+++ b/vpn/generate_vpn_pki_resources.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+# This scripts creates PKI secrets
+# Author: Mia von Steinkirch
+
+DOMAIN=
+ACM_ENV=
+ACM_DIR=~/.acm_secrets
+
+LOCAL_DIR=$(pwd)
+git clone https://github.com/OpenVPN/easy-rsa.git && cd easy-rsa/easyrsa3
+
+# Create PKI
+./easyrsa init-pki
+
+# Generates the CA certificate without a password
+yes | ./easyrsa build-ca nopass
+
+# Build server certificate without a password
+./easyrsa build-server-full server"$DOMAIN" nopass
+
+# Build client certificate without a password
+./easyrsa build-client-full client"$DOMAIN" nopass
+
+# Copy certificate files to a new directory
+if [ -d "$ACM_DIR" ]
+then
+ echo Info: directory "$ACM_DIR" exists.
+else
+ mkdir "$ACM_DIR"
+fi
+
+cp "$LOCAL_DIR"/easy-rsa/easyrsa3/pki/ca.crt "$ACM_DIR"/"$ACM_ENV"_ca.crt
+cp "$LOCAL_DIR"/easy-rsa/easyrsa3/pki/issued/*.crt "$ACM_DIR"
+cp "$LOCAL_DIR"/easy-rsa/easyrsa3/pki/private/*.key "$ACM_DIR"
+
+echo Info: Certificates and keys were generate in "$ACM_DIR"
+
+# Clean up
+cd "$LOCAL_DIR"
+rm -rf "$LOCAL_DIR"/easy-rsa
+
diff --git a/vpn/push_vpn_pki_resources.sh b/vpn/push_vpn_pki_resources.sh
new file mode 100755
index 0000000..751d8bb
--- /dev/null
+++ b/vpn/push_vpn_pki_resources.sh
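Review bot: The CA key and every issued key land in `$ACM_DIR` unencrypted (`nopass`), but the directory is created with a bare `mkdir "$ACM_DIR"` and the `cp .../private/*.key` lines run under the caller's default umask, so the key that can mint further VPN client certificates may be readable by other local users; create the directory with `mkdir -m 700 -- "$ACM_DIR"` and put `umask 077` before the `cp` lines (or `chmod 600 "$ACM_DIR"/*.key` after them). The clone is unpinned (`git clone https://github.com/OpenVPN/easy-rsa.git` takes whatever the default branch holds on the day the script runs), so the tool that builds the CA is not reproducible; `git clone --depth 1 --branch <easy-rsa release tag>` with the tag recorded in the README would close that. With no `set -e`, a failed clone or `cd` lets the `./easyrsa` calls and the final `rm -rf` run from `$LOCAL_DIR` anyway, and `DOMAIN=`/`ACM_ENV=` are left empty so the outputs are named `server`, `client` and `_ca.crt`; `set -euo pipefail` plus `: "${DOMAIN:?}" "${ACM_ENV:?}"` near the top catches both. Minor: the final message reads `were generate in`, should be `were generated in`.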
@@ -0,0 +1,30 @@
+#!/bin/bash
+# This script pushes PKI certs to AWS ACM.
+# Author: Mia von Steinkirch
+
+ACM_ENV=
+DOMAIN=
+AWS_REGION=
+
+ACM_DIR=~/.acm_secrets
+
+CLIENT_KEY="$ACM_DIR"/client"$DOMAIN".key
+CLIENT_CERT="$ACM_DIR"/client"$DOMAIN".crt
+SERVER_KEY="$ACM_DIR"/server"$DOMAIN".key
+SERVER_CERT="$ACM_DIR"/server"$DOMAIN".crt
+CA_CERTIFICATE="$ACM_DIR"/"$ACM_ENV"_ca.crt
+
+
+echo "Pushing client certificate and key to ACM..."
+
+CLIENT_CERT_ARN=`aws acm import-certificate --certificate file://"$CLIENT_CERT" --private-key file://"$CLIENT_KEY" --certificate-chain file://"$CA_CERTIFICATE" --region "$AWS_REGION" | jq '.CertificateArn'
+
+echo "Successfully pushed client certificate with ARN "$CLIENT_CERT_ARN
+
+
+echo "Pushing server certificate and key to ACM..."
+
+SERVER_CERT_ARN=`aws acm import-certificate --certificate file://"$SERVER_CERT" --private-key file://"$SERVER_KEY" --certificate-chain file://"$CA_CERTIFICATE" --region "$AWS_REGION" | jq '.CertificateArn'
+
+echo "Successfully pushed client certificate with ARN "$SERVER_CERT_ARN
+
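Review bot: Both `echo "Successfully pushed ..."` lines print whether or not `aws acm import-certificate` succeeded, because nothing checks its exit status and the script has no `set -e`; on failure the ARN variable is simply empty and the run still reports success. As shown here the backtick substitutions on the `CLIENT_CERT_ARN=` and `SERVER_CERT_ARN=` lines have no closing backtick, which bash rejects as an unexpected EOF if that is not an artefact of how the patch was rendered, and `jq '.CertificateArn'` without `-r` yields the ARN wrapped in double quotes. The second success message says `client certificate` where it reports the server ARN. I would rewrite the two import steps as below (the server step mirrors the client one), with `set -euo pipefail` and `: "${ACM_ENV:?}" "${DOMAIN:?}" "${AWS_REGION:?}"` after the shebang so the empty placeholders fail fast instead of producing paths like `client.key`.

```shell
echo "Pushing client certificate and key to ACM..."

CLIENT_CERT_ARN=$(aws acm import-certificate \
  --certificate file://"$CLIENT_CERT" \
  --private-key file://"$CLIENT_KEY" \
  --certificate-chain file://"$CA_CERTIFICATE" \
  --region "$AWS_REGION" \
  | jq -r '.CertificateArn') || { echo "Error: importing client certificate failed" >&2; exit 1; }
[[ -n "$CLIENT_CERT_ARN" && "$CLIENT_CERT_ARN" != null ]] || { echo "Error: no ARN returned for client certificate" >&2; exit 1; }

echo "Successfully pushed client certificate with ARN $CLIENT_CERT_ARN"
# … unchanged: server step, rewritten the same way with SERVER_CERT/SERVER_KEY and a "server certificate" message …
```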