X-Git-Url: https://iankelling.org/git/?p=vpn-setup;a=blobdiff_plain;f=client-cert-helper;fp=client-cert-helper;h=a1708134bd1eaf59e7bb481f1fb831fc664280d2;hp=f5b35ac43b53d35a2054802bcbcf2058ef8a539f;hb=1b488c8053cff1f09d025a20dc765a2079417eff;hpb=fc6198e7dc708aa5abc3a393e55a9f90bbf0f4d3
diff --git a/client-cert-helper b/client-cert-helper
index f5b35ac..a170813 100755
--- a/client-cert-helper
+++ b/client-cert-helper
@@ -16,14 +16,23 @@ if [[ -e /etc/openvpn/server ]]; then
 server_dir=/etc/openvpn/server
 fi
-cafile=$server_dir/ca.crt
+cafile=$server_dir/ca-$name.crt
+### begin section roughly copied from vpn-server-setup
+rsadir=/etc/openvpn/easy-rsa-$name
 new=true
-keyfiles=(/etc/openvpn/easy-rsa/pki/{issued/$common_name.crt,private/$common_name.key})
-if [[ -e /etc/openvpn/easy-rsa/build-ca ]]; then
+keyfiles=(
+ $rsadir/pki/private/$common_name.key
+ $rsadir/pki/issued/$common_name.crt
+)
+if [[ -e /etc/openvpn/easy-rsa-$name/build-ca ]]; then
 new=false
- keyfiles=(/etc/openvpn/easy-rsa/keys/$name.{crt,key})
+ keyfiles=(
+ $rsadir/keys/$common_name.key
+ $rsadir/keys/$common_name.crt
+ )
 fi
+### end section roughly copied from vpn-server-setup
 if [[ ! -e $cafile ]]; then
 echo: error no cafile found at $cafile >/tmp/errors
@@ -40,7 +49,7 @@ done
 if ! $exists; then
- cd /etc/openvpn/easy-rsa
+ cd /etc/openvpn/easy-rsa-$name
 if $new; then
 ./easyrsa build-client-full $common_name nopass >/dev/null
 else
@@ -51,10 +60,10 @@ if ! $exists; then
 fi
 d=$(mktemp -d)
-cp $cafile $d/$name-ca.crt
-cp ${keyfiles[@]} $d
-
-cp $server_dir/ta.key $d/$name-ta.key
+cp $server_dir/ta-$name.key $cafile $d
+for f in ${keyfiles[@]}; do
+ cp $f $d/$name.${f##*.}
+done
 tar cz -C $d .
 rm -rf $d
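Review bot: `$name` and `$common_name` are spliced unquoted into the paths that select the CA certificate, the easy-rsa directory and the client private key (`cafile`, `rsadir` and both `keyfiles=(...)` arrays), so a value containing whitespace, a glob character or `/` would make those paths resolve somewhere other than intended. The same applies to `cd /etc/openvpn/easy-rsa-$name` and the `cp` lines in the two later hunks. Where the two variables are assigned is outside this hunk; if they come from arguments, a guard before this section such as `[[ $name != *[/[:space:]]* ]] || exit 1` (and likewise for `$common_name`), together with quoted array elements like `"$rsadir/pki/private/$common_name.key"`, would close that. The legacy-layout test could also reuse the new variable, `if [[ -e $rsadir/build-ca ]]; then`, so the directory is spelled in one place only.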
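Review bot: The changed `cd /etc/openvpn/easy-rsa-$name` has no failure check, and the lines after it invoke `./easyrsa` relative to the current directory. If the per-name directory is missing, the script goes on to run whatever `./easyrsa` resolves to in the caller's working directory, or fails with a misleading error. Unless errexit is enabled earlier in the file (not visible here), I would write `cd "$rsadir" || exit 1`, which also reuses the variable introduced in the first hunk. The `if ! $exists` block continues past the end of this hunk.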
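Review bot: Neither new `cp` is checked, so when the tls-auth key or one of the client key files is missing the script still streams a tarball, only an incomplete one, and the caller finds out when the client fails to connect. I would quote and check the copies: `cp -- "$server_dir/ta-$name.key" "$cafile" "$d" || exit 1` and `for f in "${keyfiles[@]}"; do cp -- "$f" "$d/$name.${f##*.}" || exit 1; done`. With those early exits in place the temporary directory holding the client private key would be left behind on failure, so `trap 'rm -rf -- "$d"' EXIT` directly after the `mktemp -d` line belongs in the same change.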