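<?php
/*--------------------------------------------------
| PHP-CA
| By Dan Zelisko & Tom Ptaszynski
| Copyright (c) 2010 Daniel Zelisko
| Email: [email protected]
+--------------------------------------------------
| bugs/suggestions to http://github.com/danielzzz/php-ca
+--------------------------------------------------
| This script has been created and released under
| the GNU GPL and is free to use and redistribute
| only if this copyright statement is not removed
+--------------------------------------------------*/
declare(strict_types=1);

// --- tar.gz helper class (project library, provides gzip_file) ----
require './lib/archive.php';

//--------------------------------------------------------------------
// configuration
//--------------------------------------------------------------------
// this should be unique for each client; it is also used as a file name and
// inside the generated OpenVPN config, so it is restricted to [A-Za-z0-9._-]
$commonName = 'ayd-test';
// your openvpn network name (same character restriction as above)
$networkName = 'testvpn';
// open vpn server config
$openVPNServer = 'your.remote.openvpn.server.com';
$openVPNPort = 1194;
// CA key and cert used to sign the client certificate
$serverCertPath = './server_keys/ca.crt';
$serverKeyPath = './server_keys/ca.key';
// passphrase of the CA private key ('' if the key file is not encrypted)
$caKeyPassphrase = '';
// passphrase for the exported client key; null writes it unencrypted
$privkeypass = null;
// client certificate validity in days
$numberofdays = 3650;
// output directory - it should be writable - don't forget a trailing slash
$outputDir = './';
// subject of the client certificate
$dn = [
    'countryName' => 'ES',
    'stateOrProvinceName' => 'Baleares',
    'localityName' => 'Palma de Mallorca',
    'organizationName' => 'MyORG',
    'organizationalUnitName' => 'AYD test',
    'commonName' => $commonName,
    'emailAddress' => '[email protected]',
];
//--------------------------------------------------------------------
// you should not need to modify anything below this line
//--------------------------------------------------------------------

/**
 * Print an error (plus any pending OpenSSL error) on stderr and exit non-zero.
 *
 * @param string $message human readable description of what failed
 */
function abortWithError(string $message): void
{
    fwrite(STDERR, 'ERROR: ' . $message . "\n");
    // pending OpenSSL errors are the usual root cause of a failure here
    while (($sslError = openssl_error_string()) !== false) {
        fwrite(STDERR, '  openssl: ' . $sslError . "\n");
    }
    exit(1);
}

// both names end up in file system paths and in the config file
if (!preg_match('/^[A-Za-z0-9._-]+$/', $commonName)
    || !preg_match('/^[A-Za-z0-9._-]+$/', $networkName)) {
    abortWithError('commonName and networkName may only contain letters, digits, ".", "_" and "-"');
}

$tmpDir = $outputDir . $networkName . '-' . $commonName;
// prepare tar.gzip archive
$outputFile = './' . $networkName . '-' . $commonName . '.tar.gz';
$archive = new gzip_file($outputFile);
$archive->set_options(['basedir' => $outputDir, 'storepaths' => 0, 'overwrite' => 1, 'level' => 2]);

// load the previously generated CA private key (whole file, not a fixed 8 KB chunk)
$caData = file_get_contents($serverKeyPath);
if ($caData === false) {
    abortWithError("cannot read CA key {$serverKeyPath}");
}
$caKey = openssl_get_privatekey($caData, $caKeyPassphrase);
if ($caKey === false) {
    abortWithError("cannot load CA key {$serverKeyPath} (wrong passphrase or format?)");
}
// load the previously generated CA certificate
$caCrt = file_get_contents($serverCertPath);
if ($caCrt === false) {
    abortWithError("cannot read CA certificate {$serverCertPath}");
}

//--------------- generating a new user cert and key -------------
// explicit algorithm parameters instead of whatever the local openssl.cnf defaults to
$sslOptions = [
    'digest_alg' => 'sha256',
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
];
// create private key for the user
$privkey = openssl_pkey_new($sslOptions);
if ($privkey === false) {
    abortWithError('cannot generate the client private key');
}
if (!openssl_pkey_export($privkey, $privatekey, $privkeypass)) {
    abortWithError('cannot export the client private key');
}
// make certificate request for the user
$csr = openssl_csr_new($dn, $privkey, $sslOptions);
if ($csr === false) {
    abortWithError('cannot create the certificate request');
}
// sign certificate request with the CA key; every certificate issued by the CA
// needs a distinct serial number, without this argument PHP uses 0 for all of them
$serial = random_int(1, PHP_INT_MAX);
$sscert = openssl_csr_sign($csr, $caCrt, $caKey, $numberofdays, $sslOptions, $serial);
if ($sscert === false) {
    abortWithError('cannot sign the certificate request with the CA key');
}
if (!openssl_x509_export($sscert, $publickey)) {
    abortWithError('cannot export the client certificate');
}

// everything created from here on holds or accompanies an unencrypted private
// key: make new files and directories owner-only regardless of the caller's umask
umask(077);
// create a tmp dir
if (!is_dir($tmpDir) && !mkdir($tmpDir, 0700)) {
    abortWithError("cannot create directory {$tmpDir}");
}

// write the private key (it is deliberately not echoed: stdout tends to end up
// in logs and terminal scrollback)
echo "writing private key...\n";
$path = $tmpDir . '/' . $commonName . '.key';
if (file_put_contents($path, $privatekey) === false) {
    abortWithError("cannot write {$path}");
}
$archive->add_files($path);

// write the user cert
echo "writing certificate...\n";
echo $publickey; // the exported certificate is public, printing it is harmless
$path = $tmpDir . '/' . $commonName . '.crt';
if (file_put_contents($path, $publickey) === false) {
    abortWithError("cannot write {$path}");
}
$archive->add_files($path);

// copy the CA certificate (the openvpn config refers to it)
echo "copying server certificate...\n";
$path = $tmpDir . '/' . $networkName . '.crt';
if (!copy($serverCertPath, $path)) {
    abortWithError("cannot copy {$serverCertPath} to {$path}");
}
$archive->add_files($path);

// generate and write the openvpn config file
// (comp-lzo is kept for compatibility with the original script; recent OpenVPN
// releases deprecate link compression, so consider dropping it for new deployments)
$config = "client
dev tun
tun-mtu 1200
proto udp
remote {$openVPNServer} {$openVPNPort}
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/{$networkName}.crt
cert /etc/openvpn/{$commonName}.crt
key /etc/openvpn/{$commonName}.key
comp-lzo
verb 5
";
$path = $tmpDir . '/' . $networkName . '.conf';
if (file_put_contents($path, $config) === false) {
    abortWithError("cannot write {$path}");
}
$archive->add_files($path);

$archive->create_archive();
if (!empty($archive->errors)) {
    abortWithError("could not create the tar.gz archive {$outputFile}");
}
echo "{$outputFile} file created\n";
// the unpacked files (including the plaintext key) are intentionally left in
// $tmpDir for the operator; remove the directory once the bundle is delivered
echo "generated files are in: {$tmpDir} directory\n";
exit(0);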