actube/ssl/mkcert.sh

#!/bin/sh

KEYSIZE=2048

#set -x

NAME=$1
PREF=$2

#if [ ! -z $2 ]
#then
#	PREF=""
#fi


SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru"
if [ "$PREF" = "cisco" ] 
then
	PREF="$2-"
	SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-AC-TUBE/emailAddress=7u83@mail.ru"
fi


DIR=./certs
ROOT_CA_DIR=./root-ca
INT_CA_DIR=./intermediate-ca

echo $NAME

if [ ! -e $DIR ] 
then
	mkdir $DIR
fi


openssl req -nodes -newkey rsa:$KEYSIZE -keyout $DIR/$NAME.key -out $DIR/$NAME.req   \
        -subj "$SUBJ"

if [ "$PREF" = "simple" ]
then
openssl ca -config openssl-simple.cnf  \
	   -keyfile $ROOT_CA_DIR/${PREF}-root-ca.key \
	   -cert $ROOT_CA_DIR/${PREF}-root-ca.crt \
	   -batch \
	   -out $DIR/$NAME.crt -infiles $DIR/$NAME.req 

openssl x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem

else
openssl ca -config openssl-int.cnf  \
	   -keyfile $INT_CA_DIR/${PREF}int-ca.key \
	   -cert $INT_CA_DIR/${PREF}int-ca.crt \
	   -batch \
	   -out $DIR/$NAME.crt -infiles $DIR/$NAME.req 


openssl x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
cat $INT_CA_DIR/${PREF}int-ca.crt >> $DIR/$NAME.pem
cat $ROOT_CA_DIR/${PREF}root-ca.crt >> $DIR/$NAME.pem
fi
Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00			`#!/bin/sh`

			`KEYSIZE=2048`

Added option for "simple" certificate "simple" means, issued certificates are directly signed by root CA, no chaining. FossilOrigin-Name: 79ee157b5b2e7bb9529049f646d882a0d1aac58c01b4f7d0438d4948faa4f0f6 2015-01-24 11:05:54 +01:00			`#set -x`
Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00
			`NAME=$1`
			`PREF=$2`
Added option for "simple" certificate "simple" means, issued certificates are directly signed by root CA, no chaining. FossilOrigin-Name: 79ee157b5b2e7bb9529049f646d882a0d1aac58c01b4f7d0438d4948faa4f0f6 2015-01-24 11:05:54 +01:00
			`#if [ ! -z $2 ]`
			`#then`
			`# PREF=""`
			`#fi`


Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00			`SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru"`
Added option for "simple" certificate "simple" means, issued certificates are directly signed by root CA, no chaining. FossilOrigin-Name: 79ee157b5b2e7bb9529049f646d882a0d1aac58c01b4f7d0438d4948faa4f0f6 2015-01-24 11:05:54 +01:00			`if [ "$PREF" = "cisco" ]`
Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00			`then`
			`PREF="$2-"`
			`SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-AC-TUBE/emailAddress=7u83@mail.ru"`
			`fi`



Added option for "simple" certificate "simple" means, issued certificates are directly signed by root CA, no chaining. FossilOrigin-Name: 79ee157b5b2e7bb9529049f646d882a0d1aac58c01b4f7d0438d4948faa4f0f6 2015-01-24 11:05:54 +01:00
Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00			`DIR=./certs`
			`ROOT_CA_DIR=./root-ca`
			`INT_CA_DIR=./intermediate-ca`

			`echo $NAME`

			`if [ ! -e $DIR ]`
			`then`
			`mkdir $DIR`
			`fi`


			`openssl req -nodes -newkey rsa:$KEYSIZE -keyout $DIR/$NAME.key -out $DIR/$NAME.req \`
			`-subj "$SUBJ"`

Added option for "simple" certificate "simple" means, issued certificates are directly signed by root CA, no chaining. FossilOrigin-Name: 79ee157b5b2e7bb9529049f646d882a0d1aac58c01b4f7d0438d4948faa4f0f6 2015-01-24 11:05:54 +01:00			`if [ "$PREF" = "simple" ]`
			`then`
			`openssl ca -config openssl-simple.cnf \`
			`-keyfile $ROOT_CA_DIR/${PREF}-root-ca.key \`
			`-cert $ROOT_CA_DIR/${PREF}-root-ca.crt \`
			`-batch \`
			`-out $DIR/$NAME.crt -infiles $DIR/$NAME.req`

Fixed missing certificate chain in cisco certs. FossilOrigin-Name: 3f22f82b9b04cc181f7c0c124cf7642ce07f404a62bbced1922b7f681e198865 2015-01-24 17:07:20 +01:00			`openssl x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem`

Added option for "simple" certificate "simple" means, issued certificates are directly signed by root CA, no chaining. FossilOrigin-Name: 79ee157b5b2e7bb9529049f646d882a0d1aac58c01b4f7d0438d4948faa4f0f6 2015-01-24 11:05:54 +01:00			`else`
Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00			`openssl ca -config openssl-int.cnf \`
			`-keyfile $INT_CA_DIR/${PREF}int-ca.key \`
			`-cert $INT_CA_DIR/${PREF}int-ca.crt \`
			`-batch \`
			`-out $DIR/$NAME.crt -infiles $DIR/$NAME.req`
Fixed missing certificate chain in cisco certs. FossilOrigin-Name: 3f22f82b9b04cc181f7c0c124cf7642ce07f404a62bbced1922b7f681e198865 2015-01-24 17:07:20 +01:00

			`openssl x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem`
Added option for "simple" certificate "simple" means, issued certificates are directly signed by root CA, no chaining. FossilOrigin-Name: 79ee157b5b2e7bb9529049f646d882a0d1aac58c01b4f7d0438d4948faa4f0f6 2015-01-24 11:05:54 +01:00			`cat $INT_CA_DIR/${PREF}int-ca.crt >> $DIR/$NAME.pem`
			`cat $ROOT_CA_DIR/${PREF}root-ca.crt >> $DIR/$NAME.pem`
			`fi`
Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00