def certidude_setup_strongswan_client(
        url, config, secrets, email_address, common_name, org_unit,
        directory, key_path, request_path, certificate_path, authority_path,
        remote, auto, dpdaction):
    """Request a client certificate, then write a strongSwan client config.

    The request itself is delegated to certidude_request_certificate(). A
    truthy result from that helper is returned unchanged and no
    configuration is written. Otherwise the
    "strongswan-client-to-site.conf" template is rendered into the open file
    object ``config`` and start-up hints are printed.

    ``secrets``, ``directory``, ``remote``, ``auto`` and ``dpdaction`` are
    not referenced in the body; they are visible to the template because it
    is rendered with locals().
    """
    # wait=True presumably blocks until the request has been signed -- TODO
    # confirm against certidude_request_certificate.
    retval = certidude_request_certificate(
        url,
        key_path,
        request_path,
        certificate_path,
        authority_path,
        common_name,
        org_unit,
        email_address,
        wait=True,
    )
    if retval:
        return retval

    # TODO: Add dhparam
    # locals() is the whole template context: every parameter plus
    # ``retval``. A local introduced above this line would silently become
    # visible to the template, so helper names are only bound below it.
    config.write(
        env.get_template("strongswan-client-to-site.conf").render(locals()))

    # click.echo(None) prints a bare newline, exactly like click.echo().
    for message in (
        "Generated %s" % config.name,
        None,
        "Inspect newly created %s and start strongSwan service:" % config.name,
        None,
        " apt-get install strongswan strongswan-starter",
        " service strongswan restart",
        None,
    ):
        click.echo(message)
def certidude_setup_openvpn_client(
        url, config, email_address, common_name, org_unit, directory,
        key_path, request_path, certificate_path, authority_path, proto,
        remote):
    """Request a client certificate, then write an OpenVPN client profile.

    The request is delegated to certidude_request_certificate(). A truthy
    result from that helper is returned unchanged and no profile is written.
    Otherwise the "openvpn-client-to-site.ovpn" template is rendered into
    the open file object ``config`` and start-up hints are printed.

    ``directory``, ``proto`` and ``remote`` are not referenced in the body;
    they are visible to the template because it is rendered with locals().
    """
    # wait=True presumably blocks until the request has been signed -- TODO
    # confirm against certidude_request_certificate.
    retval = certidude_request_certificate(
        url,
        key_path,
        request_path,
        certificate_path,
        authority_path,
        common_name,
        org_unit,
        email_address,
        wait=True,
    )
    if retval:
        return retval

    # TODO: Add dhparam
    # locals() is the whole template context: every parameter plus
    # ``retval``. Helper names are only bound below this line so that the
    # context stays exactly what the template has always received.
    config.write(
        env.get_template("openvpn-client-to-site.ovpn").render(locals()))

    # click.echo(None) prints a bare newline, exactly like click.echo().
    for message in (
        "Generated %s" % config.name,
        None,
        "Inspect newly created %s and start OpenVPN service:" % config.name,
        None,
        " service openvpn restart",
        None,
    ):
        click.echo(message)
def certidude_setup_strongswan_client(
        url, config, secrets, email_address, common_name, org_unit,
        directory, key_path, request_path, certificate_path, authority_path,
        remote, auto, dpdaction):
    """Obtain a client certificate and emit the strongSwan client config.

    Steps, in order:

    1. certidude_request_certificate() is called with the key, request,
       certificate and authority paths. If it returns something truthy that
       value is handed back to the caller and nothing else happens.
    2. The "strongswan-client-to-site.conf" template is rendered with
       locals() and written to the open file object ``config``.
    3. Installation and restart hints are echoed.

    Parameters that the body never names (``secrets``, ``directory``,
    ``remote``, ``auto``, ``dpdaction``) are still part of the template
    context through locals().
    """
    # wait=True presumably makes the helper block until signing -- TODO
    # confirm; the helper is not part of this listing.
    retval = certidude_request_certificate(
        url, key_path, request_path, certificate_path, authority_path,
        common_name, org_unit, email_address,
        wait=True)
    if retval:
        return retval

    # TODO: Add dhparam
    # The template sees every local name, ``retval`` included. Do not bind
    # new locals above this call unless the template should see them too.
    config.write(
        env.get_template("strongswan-client-to-site.conf").render(locals()))

    # A None entry stands for the bare click.echo() of the original.
    hints = (
        "Generated %s" % config.name,
        None,
        "Inspect newly created %s and start strongSwan service:" % config.name,
        None,
        " apt-get install strongswan strongswan-starter",
        " service strongswan restart",
        None,
    )
    for hint in hints:
        click.echo(hint)
def certidude_setup_openvpn_client(
        url, config, email_address, common_name, org_unit, directory,
        key_path, request_path, certificate_path, authority_path, proto,
        remote):
    """Obtain a client certificate and emit the OpenVPN client profile.

    Steps, in order:

    1. certidude_request_certificate() is called with the key, request,
       certificate and authority paths. If it returns something truthy that
       value is handed back to the caller and nothing else happens.
    2. The "openvpn-client-to-site.ovpn" template is rendered with locals()
       and written to the open file object ``config``.
    3. A restart hint is echoed.

    Parameters that the body never names (``directory``, ``proto``,
    ``remote``) are still part of the template context through locals().
    """
    # wait=True presumably makes the helper block until signing -- TODO
    # confirm; the helper is not part of this listing.
    retval = certidude_request_certificate(
        url, key_path, request_path, certificate_path, authority_path,
        common_name, org_unit, email_address,
        wait=True)
    if retval:
        return retval

    # TODO: Add dhparam
    # The template sees every local name, ``retval`` included. Do not bind
    # new locals above this call unless the template should see them too.
    config.write(
        env.get_template("openvpn-client-to-site.ovpn").render(locals()))

    # A None entry stands for the bare click.echo() of the original.
    hints = (
        "Generated %s" % config.name,
        None,
        "Inspect newly created %s and start OpenVPN service:" % config.name,
        None,
        " service openvpn restart",
        None,
    )
    for hint in hints:
        click.echo(hint)
def certidude_setup_openvpn_server(
        url, config, subnet, route, email_address, common_name, org_unit,
        directory, key_path, request_path, certificate_path, authority_path,
        dhparam_path, local, proto, port):
    """Request an OpenVPN server certificate and write the server config.

    The function picks the first, second and last host address of
    ``subnet``, requests a certificate with server key usage extensions,
    generates Diffie-Hellman parameters if ``dhparam_path`` does not exist,
    and finally renders "openvpn-site-to-client.ovpn" into the open file
    object ``config``. A truthy result from
    certidude_request_certificate() is returned unchanged, and in that case
    no configuration is written.

    ``route``, ``directory``, ``local``, ``proto`` and ``port`` are not
    referenced in the body; they are visible to the template because it is
    rendered with locals().
    """
    # TODO: Intelligent way of getting last IP address in the subnet
    # Walks every host of the subnet once; for a single-host subnet the
    # second and last addresses stay None.
    subnet_first = None
    subnet_last = None
    subnet_second = None
    for addr in subnet.hosts():
        if not subnet_first:
            subnet_first = addr
            continue
        if not subnet_second:
            subnet_second = addr
        subnet_last = addr

    # Only a hint for the operator: the request below asks for specific key
    # usage extensions and the message says to sign it with the CLI rather
    # than the web interface.
    if not os.path.exists(certificate_path):
        click.echo(
            "As OpenVPN server certificate needs specific key usage extensions please")
        click.echo(
            "use following command to sign on Certidude server instead of web interface:")
        click.echo()
        click.echo(" certidude sign %s" % common_name)

    # NOTE(review): laid out as unconditional because ``retval`` is read
    # below on every path -- confirm against the upstream file.
    retval = certidude_request_certificate(
        url,
        key_path,
        request_path,
        certificate_path,
        authority_path,
        common_name,
        org_unit,
        email_address,
        key_usage="nonRepudiation,digitalSignature,keyEncipherment",
        extended_key_usage="serverAuth,ikeIntermediate",
        wait=True,
    )

    # 2048-bit DH parameters are created once and reused afterwards. The
    # command is an argv tuple run without a shell, so dhparam_path is never
    # shell-interpreted; check_call raises CalledProcessError on a non-zero
    # exit. This runs before ``retval`` is inspected, i.e. also when the
    # certificate request reported a failure.
    if not os.path.exists(dhparam_path):
        cmd = "openssl", "dhparam", "-out", dhparam_path, "2048"
        subprocess.check_call(cmd)

    if retval:
        return retval

    # TODO: Add dhparam
    # locals() is the template context: parameters, the subnet_* values,
    # ``addr``, ``retval`` and, when it was bound, ``cmd``.
    config.write(
        env.get_template("openvpn-site-to-client.ovpn").render(locals()))

    click.echo("Generated %s" % config.name)
    click.echo()
    click.echo(
        "Inspect newly created %s and start OpenVPN service:" % config.name)
    click.echo()
    click.secho(" service openvpn restart", bold=True)
    click.echo()
def certidude_setup_openvpn_server(
        url, config, subnet, route, email_address, common_name, org_unit,
        directory, key_path, request_path, certificate_path, authority_path,
        dhparam_path, local, proto, port):
    """Set up an OpenVPN server: certificate, DH parameters, config file.

    Order of operations:

    1. Derive ``subnet_first``, ``subnet_second`` and ``subnet_last`` from
       ``subnet.hosts()``.
    2. If no certificate file exists yet, tell the operator how to sign the
       request on the Certidude server.
    3. Call certidude_request_certificate() with server key usage and
       extended key usage values.
    4. Generate 2048-bit DH parameters with ``openssl dhparam`` unless
       ``dhparam_path`` already exists.
    5. Return the helper's result if it is truthy; otherwise render
       "openvpn-site-to-client.ovpn" with locals() into ``config`` and print
       a restart hint.
    """
    # TODO: Intelligent way of getting last IP address in the subnet
    subnet_first = None
    subnet_last = None
    subnet_second = None
    # One full pass over the host list: the first address is recorded and
    # skipped, the next one becomes "second", and "last" trails the cursor.
    for addr in subnet.hosts():
        if not subnet_first:
            subnet_first = addr
            continue
        if not subnet_second:
            subnet_second = addr
        subnet_last = addr

    certificate_missing = not os.path.exists(certificate_path)
    if certificate_missing:
        click.echo("As OpenVPN server certificate needs specific key usage extensions please")
        click.echo("use following command to sign on Certidude server instead of web interface:")
        click.echo()
        click.echo(" certidude sign %s" % common_name)
    # ``certificate_missing`` must not leak into the template context that
    # locals() builds further down, so it is dropped again here.
    del certificate_missing

    # NOTE(review): laid out as unconditional because ``retval`` is read
    # below on every path -- confirm against the upstream file.
    retval = certidude_request_certificate(
        url, key_path, request_path, certificate_path, authority_path,
        common_name, org_unit, email_address,
        key_usage="nonRepudiation,digitalSignature,keyEncipherment",
        extended_key_usage="serverAuth,ikeIntermediate",
        wait=True)

    # argv tuple, no shell involved; a failing openssl raises
    # CalledProcessError. Executed even if ``retval`` signals a problem,
    # because that check only follows afterwards.
    if not os.path.exists(dhparam_path):
        cmd = "openssl", "dhparam", "-out", dhparam_path, "2048"
        subprocess.check_call(cmd)

    if retval:
        return retval

    # TODO: Add dhparam
    # Every local name is handed to the template via locals().
    config.write(
        env.get_template("openvpn-site-to-client.ovpn").render(locals()))

    click.echo("Generated %s" % config.name)
    click.echo()
    click.echo("Inspect newly created %s and start OpenVPN service:" % config.name)
    click.echo()
    click.secho(" service openvpn restart", bold=True)
    click.echo()
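def certidude_setup_strongswan_server(
        url, config, secrets, subnet, route, email_address, common_name,
        org_unit, directory, key_path, request_path, certificate_path,
        authority_path, local, ip_address, fqdn):
    """Write the strongSwan server config and request its certificate.

    The "strongswan-site-to-client.conf" template is rendered with locals()
    into the open file object ``config`` first. Then a certificate with
    server key usage extensions is requested through
    certidude_request_certificate(); a truthy result from that helper is
    returned unchanged, otherwise installation hints are printed.

    ``local`` must offer ``is_private``. When the address is private,
    neither the address nor a DNS name is passed to the request. For a
    non-private address ``local`` is passed as ``ipv4_address`` and ``fqdn``
    as ``dns``, the latter only if it contains a dot.

    ``secrets``, ``subnet``, ``route``, ``directory`` and ``ip_address`` are
    not referenced in the body; they are visible to the template through
    locals().
    """
    # NOTE(review): the config is written before the certificate request, so
    # a failed request leaves a config file behind. The sibling setup
    # functions write only after the request succeeded -- confirm whether
    # this order is intended.
    config.write(
        env.get_template("strongswan-site-to-client.conf").render(locals()))

    # Only a hint for the operator: the request below asks for specific key
    # usage extensions and the message says to sign it with the CLI rather
    # than the web interface.
    if not os.path.exists(certificate_path):
        click.echo(
            "As strongSwan server certificate needs specific key usage extensions please")
        click.echo(
            "use following command to sign on Certidude server instead of web interface:")
        click.echo()
        click.echo(" certidude sign %s" % common_name)

    # NOTE(review): laid out as unconditional because ``retval`` is read
    # below on every path -- confirm against the upstream file.
    #
    # Fix: the original read the undefined name ``fdqn`` here, which raised
    # NameError for every non-private ``local`` (the ``or`` short-circuit
    # hid it for private addresses). The parameter is called ``fqdn``.
    retval = certidude_request_certificate(
        url,
        key_path,
        request_path,
        certificate_path,
        authority_path,
        common_name,
        org_unit,
        email_address,
        key_usage="nonRepudiation,digitalSignature,keyEncipherment",
        extended_key_usage="serverAuth,ikeIntermediate",
        ipv4_address=None if local.is_private else local,
        dns=None if local.is_private or "." not in fqdn else fqdn,
        wait=True,
    )
    if retval:
        return retval

    click.echo("Generated %s" % config.name)
    click.echo()
    click.echo(
        "Inspect newly created %s and start strongSwan service:" % config.name)
    click.echo()
    click.echo(
        " apt-get install strongswan strongswan-starter strongswan-ikev2")
    click.secho(" service strongswan restart", bold=True)
    click.echo()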
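def certidude_setup_strongswan_server(
        url, config, secrets, subnet, route, email_address, common_name,
        org_unit, directory, key_path, request_path, certificate_path,
        authority_path, local, ip_address, fqdn):
    """Set up a strongSwan server: config file first, then the certificate.

    Order of operations:

    1. Render "strongswan-site-to-client.conf" with locals() into the open
       file object ``config``.
    2. If no certificate file exists yet, tell the operator how to sign the
       request on the Certidude server.
    3. Call certidude_request_certificate() with server key usage and
       extended key usage values. ``local`` is passed as ``ipv4_address``
       and ``fqdn`` as ``dns`` only when ``local.is_private`` is false; the
       DNS name is additionally dropped when it contains no dot.
    4. Return the helper's result if it is truthy, otherwise print
       installation and restart hints.
    """
    # NOTE(review): unlike the sibling setup functions, the config is
    # written before the request is known to have succeeded -- confirm that
    # a leftover config after a failed request is acceptable.
    config.write(env.get_template("strongswan-site-to-client.conf").render(locals()))

    if not os.path.exists(certificate_path):
        click.echo("As strongSwan server certificate needs specific key usage extensions please")
        click.echo("use following command to sign on Certidude server instead of web interface:")
        click.echo()
        click.echo(" certidude sign %s" % common_name)

    # Fix: ``fdqn`` was a misspelling of the ``fqdn`` parameter. With a
    # private ``local`` the ``or`` short-circuited before the bad name was
    # evaluated; with a public address the call died with NameError before
    # any certificate was requested.
    #
    # NOTE(review): laid out as unconditional because ``retval`` is read
    # below on every path -- confirm against the upstream file.
    retval = certidude_request_certificate(
        url, key_path, request_path, certificate_path, authority_path,
        common_name, org_unit, email_address,
        key_usage="nonRepudiation,digitalSignature,keyEncipherment",
        extended_key_usage="serverAuth,ikeIntermediate",
        ipv4_address=None if local.is_private else local,
        dns=None if local.is_private or "." not in fqdn else fqdn,
        wait=True)
    if retval:
        return retval

    click.echo("Generated %s" % config.name)
    click.echo()
    click.echo("Inspect newly created %s and start strongSwan service:" % config.name)
    click.echo()
    click.echo(" apt-get install strongswan strongswan-starter strongswan-ikev2")
    click.secho(" service strongswan restart", bold=True)
    click.echo()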
def certidude_setup_client(quiet, **kwargs):
    """Forward all keyword arguments to certidude_request_certificate().

    ``quiet`` is accepted but not used by this function; it is not passed
    on to the helper. The helper's return value is returned unchanged.
    """
    outcome = certidude_request_certificate(**kwargs)
    return outcome