actube/ssl/mkcert.sh

#!/bin/sh

KEYSIZE=2048
#OPENSSL="../src/contrib/openssl-1.0.1i/apps/openssl"
OPENSSL="openssl"

set -x

NAME=$1
TYPE=$2

DAYS=6000

DIR=./certs
ROOT_CA_DIR=./root-ca
INT_CA_DIR=./intermediate-ca


if [ ! -e $DIR ] 
then
	mkdir $DIR
fi


createcert() 
{
	SUBJ=$1
	CNF=$2


	if [ ! -z $TYPE ]
	then
		PREF="$TYPE-"
	fi
	$OPENSSL genrsa -out $DIR/$NAME.key $KEYSIZE
	$OPENSSL req -sha256 -new -key $DIR/$NAME.key -out $DIR/$NAME.req   \
       		 -subj "$SUBJ"


	$OPENSSL ca -config openssl.cnf  \
		   -keyfile $INT_CA_DIR/${PREF}int-ca.key \
		   -cert $INT_CA_DIR/${PREF}int-ca.crt \
		   -batch \
	  	    -extensions v3_ca \
		   -out $DIR/$NAME.crt -infiles $DIR/$NAME.req 

	$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
	cat $INT_CA_DIR/${PREF}int-ca.crt >> $DIR/$NAME.pem
	cat $ROOT_CA_DIR/${PREF}root-ca.crt >> $DIR/$NAME.pem
	echo "Root finger print:"
	$OPENSSL x509 -in $ROOT_CA_DIR/${PREF}root-ca.crt -noout -sha1 -fingerprint
	echo "Int finger print:"
	$OPENSSL x509 -in $INT_CA_DIR/${PREF}int-ca.crt -noout -sha1 -fingerprint
	echo "Cert finger print:"
	$OPENSSL x509 -in $DIR/${NAME}.crt -noout -sha1 -fingerprint

}


if [ -z $TYPE ]
then
	SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=C1130-c80aa9cd7fa4/emailAddress=7u83@mail.ru"
	createcert $SUBJ
fi


if [ "$TYPE" = "cisco-ac" ] 
then
	SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-AC-TUBE/emailAddress=7u83@mail.ru"
	createcert "$SUBJ"
fi


if [ "$TYPE" = "cisco-ap" ]
then
	PREF="$2-"
	SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-0800276edf58/emailAddress=support@cisco.com"

       openssl req -nodes -new -x509 \
                -sha1 \
                -extensions v3_ca \
                -days ${DAYS} \
                -newkey rsa:${KEYSIZE} \
                -keyout certs/${NAME}.key -out certs/${NAME}.crt \
                -config openssl.cnf \
                -x509 \
                -subj "$SUBJ" 

	$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem -days=${DAYS}


fi
Get it work under FreeBSD FossilOrigin-Name: dbf6c9aef90847e18cdbac6b9212e1195f702f380759bd9abf41d6e247fe6df5 2020-03-07 09:34:33 +01:00			`#!/bin/sh`
Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00
			`KEYSIZE=2048`
Sign certs for cisco ap (but still not works) FossilOrigin-Name: 1951c37c5767fd24e99cb3fe5f8a66cde6d5c82f4a7d7cc71c6a4705fd8709d1 2015-02-01 13:35:52 +01:00			`#OPENSSL="../src/contrib/openssl-1.0.1i/apps/openssl"`
			`OPENSSL="openssl"`
Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00
Sign certs for cisco ap (but still not works) FossilOrigin-Name: 1951c37c5767fd24e99cb3fe5f8a66cde6d5c82f4a7d7cc71c6a4705fd8709d1 2015-02-01 13:35:52 +01:00			`set -x`
Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00
			`NAME=$1`
Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`TYPE=$2`
Added option for "simple" certificate "simple" means, issued certificates are directly signed by root CA, no chaining. FossilOrigin-Name: 79ee157b5b2e7bb9529049f646d882a0d1aac58c01b4f7d0438d4948faa4f0f6 2015-01-24 11:05:54 +01:00
moved local_cfg, remote_cfg ... to cw_ElemData struct 2022-07-28 01:36:16 +02:00			`DAYS=6000`
Added option for "simple" certificate "simple" means, issued certificates are directly signed by root CA, no chaining. FossilOrigin-Name: 79ee157b5b2e7bb9529049f646d882a0d1aac58c01b4f7d0438d4948faa4f0f6 2015-01-24 11:05:54 +01:00
Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`DIR=./certs`
			`ROOT_CA_DIR=./root-ca`
			`INT_CA_DIR=./intermediate-ca`

Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00
Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`if [ ! -e $DIR ]`
Sign certs for cisco ap (but still not works) FossilOrigin-Name: 1951c37c5767fd24e99cb3fe5f8a66cde6d5c82f4a7d7cc71c6a4705fd8709d1 2015-02-01 13:35:52 +01:00			`then`
Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`mkdir $DIR`
Sign certs for cisco ap (but still not works) FossilOrigin-Name: 1951c37c5767fd24e99cb3fe5f8a66cde6d5c82f4a7d7cc71c6a4705fd8709d1 2015-02-01 13:35:52 +01:00			`fi`


Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00
Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`createcert()`
			`{`
			`SUBJ=$1`
			`CNF=$2`
Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00
Sign certs for cisco ap (but still not works) FossilOrigin-Name: 1951c37c5767fd24e99cb3fe5f8a66cde6d5c82f4a7d7cc71c6a4705fd8709d1 2015-02-01 13:35:52 +01:00
Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`if [ ! -z $TYPE ]`
			`then`
			`PREF="$TYPE-"`
			`fi`
			`$OPENSSL genrsa -out $DIR/$NAME.key $KEYSIZE`
some improvements to support Cisco. FossilOrigin-Name: 9f0d9e58d55f90bd2020ef622b2501bccbb6038972c04550cb06248139b080c5 2015-03-12 23:21:57 +01:00			`$OPENSSL req -sha256 -new -key $DIR/$NAME.key -out $DIR/$NAME.req \`
Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`-subj "$SUBJ"`
Added option for "simple" certificate "simple" means, issued certificates are directly signed by root CA, no chaining. FossilOrigin-Name: 79ee157b5b2e7bb9529049f646d882a0d1aac58c01b4f7d0438d4948faa4f0f6 2015-01-24 11:05:54 +01:00
Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00
Fixed issues with creating cisco cert. FossilOrigin-Name: 16ebea6ee7650a6f9f11cb31fc94683c1e2eb57a0762b37613599dcac28ae14d 2016-03-01 09:31:16 +01:00			`$OPENSSL ca -config openssl.cnf \`
Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`-keyfile $INT_CA_DIR/${PREF}int-ca.key \`
			`-cert $INT_CA_DIR/${PREF}int-ca.crt \`
			`-batch \`
			`-extensions v3_ca \`
			`-out $DIR/$NAME.crt -infiles $DIR/$NAME.req`
Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00
Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem`
			`cat $INT_CA_DIR/${PREF}int-ca.crt >> $DIR/$NAME.pem`
			`cat $ROOT_CA_DIR/${PREF}root-ca.crt >> $DIR/$NAME.pem`
Certificate stuff FossilOrigin-Name: f5efe9f37f9bcc74b5f814cdb48dd4986ccbc6088bf5431f4a51583b97e182e3 2015-02-09 22:04:54 +01:00			`echo "Root finger print:"`
			`$OPENSSL x509 -in $ROOT_CA_DIR/${PREF}root-ca.crt -noout -sha1 -fingerprint`
			`echo "Int finger print:"`
Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`$OPENSSL x509 -in $INT_CA_DIR/${PREF}int-ca.crt -noout -sha1 -fingerprint`
Certificate stuff FossilOrigin-Name: f5efe9f37f9bcc74b5f814cdb48dd4986ccbc6088bf5431f4a51583b97e182e3 2015-02-09 22:04:54 +01:00			`echo "Cert finger print:"`
			`$OPENSSL x509 -in $DIR/${NAME}.crt -noout -sha1 -fingerprint`
Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00
Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`}`
Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00

Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`if [ -z $TYPE ]`
Added option for "simple" certificate "simple" means, issued certificates are directly signed by root CA, no chaining. FossilOrigin-Name: 79ee157b5b2e7bb9529049f646d882a0d1aac58c01b4f7d0438d4948faa4f0f6 2015-01-24 11:05:54 +01:00			`then`
Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=C1130-c80aa9cd7fa4/emailAddress=7u83@mail.ru"`
			`createcert $SUBJ`
			`fi`
Sign certs for cisco ap (but still not works) FossilOrigin-Name: 1951c37c5767fd24e99cb3fe5f8a66cde6d5c82f4a7d7cc71c6a4705fd8709d1 2015-02-01 13:35:52 +01:00
partial conversion to OpenSSL 1.1.1 2022-07-11 08:26:56 +02:00
Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`if [ "$TYPE" = "cisco-ac" ]`
Sign certs for cisco ap (but still not works) FossilOrigin-Name: 1951c37c5767fd24e99cb3fe5f8a66cde6d5c82f4a7d7cc71c6a4705fd8709d1 2015-02-01 13:35:52 +01:00			`then`
Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-AC-TUBE/emailAddress=7u83@mail.ru"`
Added missing quotes for subject. FossilOrigin-Name: ac98181f0617717ead4c325ffebe3626a36964bc63fa4603e9b317bc61a1331e 2015-02-06 21:12:30 +01:00			`createcert "$SUBJ"`
Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`fi`
Fixed missing certificate chain in cisco certs. FossilOrigin-Name: 3f22f82b9b04cc181f7c0c124cf7642ce07f404a62bbced1922b7f681e198865 2015-01-24 17:07:20 +01:00

Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`if [ "$TYPE" = "cisco-ap" ]`
			`then`
			`PREF="$2-"`
Switch to LibreSSL FossilOrigin-Name: cc5e278c4dfa4d8f01063c5957b1ea7a54403e92b30579c2a7ca91e2a501ceed 2020-03-08 23:00:54 +01:00			`SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-0800276edf58/emailAddress=support@cisco.com"`
some improvements to support Cisco. FossilOrigin-Name: 9f0d9e58d55f90bd2020ef622b2501bccbb6038972c04550cb06248139b080c5 2015-03-12 23:21:57 +01:00
			`openssl req -nodes -new -x509 \`
			`-sha1 \`
			`-extensions v3_ca \`
moved local_cfg, remote_cfg ... to cw_ElemData struct 2022-07-28 01:36:16 +02:00			`-days ${DAYS} \`
			`-newkey rsa:${KEYSIZE} \`
some improvements to support Cisco. FossilOrigin-Name: 9f0d9e58d55f90bd2020ef622b2501bccbb6038972c04550cb06248139b080c5 2015-03-12 23:21:57 +01:00			`-keyout certs/${NAME}.key -out certs/${NAME}.crt \`
			`-config openssl.cnf \`
			`-x509 \`
partial conversion to OpenSSL 1.1.1 2022-07-11 08:26:56 +02:00			`-subj "$SUBJ"`
some improvements to support Cisco. FossilOrigin-Name: 9f0d9e58d55f90bd2020ef622b2501bccbb6038972c04550cb06248139b080c5 2015-03-12 23:21:57 +01:00
moved local_cfg, remote_cfg ... to cw_ElemData struct 2022-07-28 01:36:16 +02:00			`$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem -days=${DAYS}`
some improvements to support Cisco. FossilOrigin-Name: 9f0d9e58d55f90bd2020ef622b2501bccbb6038972c04550cb06248139b080c5 2015-03-12 23:21:57 +01:00
Sign certs for cisco ap (but still not works) FossilOrigin-Name: 1951c37c5767fd24e99cb3fe5f8a66cde6d5c82f4a7d7cc71c6a4705fd8709d1 2015-02-01 13:35:52 +01:00
Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00
Code cleanup. FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6 2015-02-03 08:21:04 +01:00			`fi`
Creates one certificate FossilOrigin-Name: 091f46c0cbc727d4ad7300543bf4cf0baa0b2c150daf099b8a19285b6a753d4c 2015-01-24 08:15:27 +01:00