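#!/bin/bash
#
# Issue a client certificate with EasyRSA and create a Google Authenticator
# (TOTP) secret for the same client name.
#
# Usage:   <script> <client-common-name>
# Env:     OPENVPN      OpenVPN data directory (defaults to $PWD)
#          EASYRSA_PKI  PKI directory checked for an existing certificate
#          DEBUG        set to 1 to trace commands
#

if [ "$DEBUG" == "1" ]; then
  set -x
fi

set -e

if [ -z "$OPENVPN" ]; then
  export OPENVPN="$PWD"
fi

[ -f "$OPENVPN/server" ] || { echo "Missing OpenVPN server setup!"; exit 1; }

cn="$1"

# The client name becomes part of file paths (issued/<cn>.crt and the OTP
# secret file below) and a command argument, so reject values that would
# escape those directories or be parsed as an option before anything is
# written to disk.
if [ -z "$cn" ]; then
  echo "Usage: ${0##*/} <client-common-name>" >&2
  exit 1
fi
case "$cn" in
  */* | *[[:space:]]* | *[[:cntrl:]]* | -*)
    echo "Invalid client name \"${cn}\": must not contain '/', whitespace or control characters, or start with '-'" >&2
    exit 1
    ;;
esac

server="$(cat -- "$OPENVPN/server")"

# Refuse to re-issue a certificate for a name that already has one.
# NOTE(review): this checks $EASYRSA_PKI while the mkdir below uses
# $OPENVPN/pki; if EASYRSA_PKI is unset the check looks under /issued and
# never matches. Confirm both point at the same directory in deployment.
if [ -f "$EASYRSA_PKI/issued/${cn}.crt" ]; then
  echo "Certificate for \"${cn}\" already exists !" >&2
  exit 1
fi

# Ensure folders exist
mkdir -p \
  "$OPENVPN/pki/reqs" \
  "$OPENVPN/pki/issued" \
  "$OPENVPN/pki/certs_by_serial" \
  "$OPENVPN/otp" \
  "$OPENVPN/ccd"

# Answer easyrsa's confirmation prompt with "yes" so the script can run
# unattended. "nopass" leaves the client private key unencrypted on disk, so
# the PKI directory's permissions are the only protection for that key.
printf 'yes\n' | easyrsa build-client-full "$cn" nopass

# Skip confirmation if not running in interactive mode. Essential for integration tests.
# NOTE(review): the secret is written under the fixed path /etc/openvpn/otp,
# not "$OPENVPN/otp" created above; the two only coincide when
# OPENVPN=/etc/openvpn. The file holds the TOTP shared secret, so it should
# be readable only by the account that performs OTP verification.
google-authenticator --time-based --disallow-reuse --force --rate-limit=3 --rate-time=30 --window-size=3 \
  -l "${cn}" -i "${server}" -s "/etc/openvpn/otp/${cn}.google_authenticator" --no-confirm -q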