How to generate openvpn client key dynamically with php and pass variables to shell command?
You can use shell_exec and use the result, for example, with a regex to match the expiry date of the key, etc., i.e.:
$ovpnKey = shell_exec("your command here");
The result of the command will be held in the variable $ovpnKey.
Update:
To automate the creation of new OpenVPN client certificates, use the following script. Make sure you edit, at least, the following variables: OPENVPN_RSA_DIR, OPENVPN_KEYS and KEY_DOWNLOAD_PATH.
    #!/bin/bash
    # Script to automate creating new OpenVPN clients
    # The client cert and key, along with the CA cert is
    # zipped up and placed somewhere to download securely
    #
    # H Cooper - 05/02/11
    #
    # Usage: new-openvpn-client.sh <common-name>

    # Set where we're working from
    OPENVPN_RSA_DIR=/etc/openvpn/easy-rsa/2.0
    OPENVPN_KEYS=$OPENVPN_RSA_DIR/keys
    KEY_DOWNLOAD_PATH=/var/www/secure

    # Either read the CN from $1 or prompt for it
    if [ -z "$1" ]; then
        echo -n "Enter new client common name (CN): "
        read -e CN
    else
        CN=$1
    fi

    # Ensure CN isn't blank
    if [ -z "$CN" ]; then
        echo "You must provide a CN."
        exit 1
    fi

    # Check the CN doesn't already exist
    if [ -f "$OPENVPN_KEYS/$CN.crt" ]; then
        echo "Error: certificate with the CN $CN already exists!"
        echo "    $OPENVPN_KEYS/$CN.crt"
        exit 1
    fi

    # Enter the easy-rsa directory and establish the default variables
    cd "$OPENVPN_RSA_DIR" || exit 1
    source ./vars > /dev/null

    # Copied from build-key script (to ensure it works!)
    export EASY_RSA="${EASY_RSA:-.}"
    "$EASY_RSA/pkitool" --batch "$CN"

    # Take the new cert and place it somewhere it can be downloaded securely
    zip -q "$KEY_DOWNLOAD_PATH/$CN-$(date +%d%m%y).zip" "keys/$CN.crt" "keys/$CN.key" keys/ca.crt

    # Celebrate!
    echo ""
    echo "#############################################################"
    echo "COMPLETE! Download the new certificate here:"
    echo "https://domain.com/secure/$CN-$(date +%d%m%y).zip"
    echo "#############################################################"
Save the above bash script as new-openvpn-client.sh and give it execute permissions.
Then use PHP's shell_exec to generate the keys:
$ovpnKey = shell_exec("bash /full/path/to/new-openvpn-client.sh <common-name>");
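When the common name comes from a PHP variable, it ends up both on a shell command line and in file names (keys/$CN.crt, the zip name), so it should be validated and quoted before the call. The following is an added example, not part of the original answer: the function names and the allowlist pattern are assumptions, and the script path is the placeholder used above.

```php
<?php
declare(strict_types=1);

// Placeholder path from the answer above; set it to where the script was saved.
const NEW_CLIENT_SCRIPT = '/full/path/to/new-openvpn-client.sh';

// Assumed policy (hypothetical helper): letters, digits, "_", "." and "-" only,
// starting with a letter or digit. This rejects "/", whitespace, shell
// metacharacters and a leading "-" that pkitool or zip could read as an option.
function isValidCommonName(string $cn): bool
{
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9_.-]{0,63}\z/', $cn) === 1;
}

// Hypothetical helper: run the script for one client and return its output.
function createOpenvpnClient(string $cn, string $script = NEW_CLIENT_SCRIPT): string
{
    if (!isValidCommonName($cn)) {
        throw new InvalidArgumentException('Invalid common name');
    }

    // escapeshellarg() makes each value a single quoted shell word, so the CN
    // cannot terminate the command or add arguments even if validation changes.
    $cmd = 'bash ' . escapeshellarg($script) . ' ' . escapeshellarg($cn) . ' 2>&1';

    $lines = [];
    $status = 0;
    exec($cmd, $lines, $status);
    $output = implode("\n", $lines);

    // The script prints "COMPLETE!" only after the zip step, so require that
    // marker in addition to a zero exit status.
    if ($status !== 0 || strpos($output, 'COMPLETE!') === false) {
        throw new RuntimeException("Key generation failed (exit $status): $output");
    }
    return $output;
}

// Constructed sample inputs: only the first passes validation.
foreach (['alice-laptop', 'bob; id', '../ca', '-x', ''] as $candidate) {
    printf("%-14s %s\n", var_export($candidate, true),
        isValidCommonName($candidate) ? 'accepted' : 'rejected');
}

// Typical call once the script is installed:
// $ovpnKey = createOpenvpnClient($_POST['cn']);
```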