I'm writing a script to automate the creation of OpenVPN certificates, to add new clients to the VPN system. I'm building a small webpage (all internal and not approachable from the Internet) to allow users to input a client name, and out comes a zip file with the certificates, to be put on the new client pc (via Teamviewer).
The script (and webpage) operate from Ubuntu 14.04 server, running OpenVPN and Observium.
When I execute this script from the terminal, it works perfectly, and the certificates are created beautifully.
When I run this script from a browser executed by the PHP command:
shell_exec("sudo <path to script>/<script>.sh $clientname");
The certificates get cut off at 4096 bytes. Without fail. The certificates should be around 5600 bytes. When opened the certificates are visibly cut off (missing the closing tags).
What causes this? What should I do to resolve it?
The script is as follows:
#!/bin/bash
cd /etc/openvpn/easy-rsa/
source /etc/openvpn/easy-rsa/vars
expect -c "
spawn /etc/openvpn/easy-rsa/build-key $1
expect {Country Name (2 letter code) \[US\]:} { send \"\r\" }
expect {State or Province Name (full name) \[CA\]:} { send \"\r\" }
expect {Locality Name (eg, city) \[SanFrancisco\]:} { send \"\r\" }
expect {Organization Name (eg, company) \[Fort-Funston\]:} { send \"\r\" }
expect {Organizational Unit Name (eg, section) \[MyOrganizationalUnit\]:} { send \"\r\" }
expect {Common Name (eg, your name or your server's hostname) \[$1\]:} { send \"\r\" }
expect {Name \[EasyRSA\]:} { send \"\r\" }
expect {Email Address \[[email protected]\]:} { send \"\r\" }
expect {A challenge password \[\]:} { send \"\r\" }
expect {An optional company name \[\]:} { send \"\r\" }
expect {Sign the certificate? \[y/n\]:} { send \"y\r\" }
expect { commit? \[y/n\]} { send \"y\r\" }
expect {Data Base Updated}
interact"
This specific issue is resolved by not using the interactive shell in combination with spawn/expect/send. Using the CLI for OpenVPN directly (the pkitool, which is invoked by the build-key script) creates the files without any issues.
So the syntax would be: