actube/ssl/mkrootca.sh

91 lines
2.4 KiB
Bash
Raw Normal View History

#!/bin/sh
echo Creating Root CAs
KEYSIZE=2048
CONFIG=openssl.cnf
ROOT_CA_DIR=./root-ca
INT_CA_DIR=./intermediate-ca
if [ ! -e $ROOT_CA_DIR ]
then
echo "Initializing root-ca"
mkdir $ROOT_CA_DIR
echo '1000' > $ROOT_CA_DIR/serial
touch $ROOT_CA_DIR/index.txt
fi
if [ ! -e $INT_CA_DIR ]
then
echo "Initializing intermediate-ca"
mkdir $INT_CA_DIR
echo '1000' > $INT_CA_DIR/serial
touch $INT_CA_DIR/index.txt
fi
mkrootca()
{
ROOT_SUBJ=$1
INT_SUBJ=$2
NAME=$3
if [ ! -z $NAME ]
then
PREF="$NAME-"
fi
# Create a self-signed root CA
openssl req -nodes -new -x509 \
-sha1 \
-extensions v3_ca \
-days 3650 \
-newkey rsa:2048 \
-keyout $ROOT_CA_DIR/${PREF}root-ca.key -out $ROOT_CA_DIR/${PREF}root-ca.crt \
-config openssl.cnf \
-x509 \
-subj "$ROOT_SUBJ"
# Create a key for intermediate CA
openssl genrsa -out $INT_CA_DIR/${PREF}int-ca.key $KEYSIZE
# Create req for intermediate CA
openssl req -sha1 -new -key $INT_CA_DIR/${PREF}int-ca.key -out $INT_CA_DIR/${PREF}int-ca.csr \
-subj "$INT_SUBJ"
# Sign intermediate CA cert using previously created root CA
openssl ca -config openssl.cnf -batch -keyfile $ROOT_CA_DIR/${PREF}root-ca.key \
-cert $ROOT_CA_DIR/${PREF}root-ca.crt \
-extensions v3_ca -notext -md sha1 -in $INT_CA_DIR/${PREF}int-ca.csr \
-out $INT_CA_DIR/${PREF}int-ca.crt
}
ROOT_SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru"
INT_SUBJ="$ROOT_SUBJ"
mkrootca "$ROOT_SUBJ" "$INT_SUBJ"
ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=CA-vWLC-AIR-CTVM-K9-080027949DE0/emailAddress=support@vwlc.com"
INT_SUBJ="$ROOT_SUBJ"
mkrootca "$ROOT_SUBJ" "$INT_SUBJ" cisco-ac
#ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=airespace Inc/CN=C1130-f866f2a342fc/emailAddress=support@airespace.com"
#ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-f866f2a342fc/emailAddress=support@cisco.com"
#ROOT_SUBJ="/ST=California/L=San Jose/C=US/O=Cisco Systems/CN=C1130-f866f2a342fc/emailAddress=support@cisco.com"
#ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1200-c80aa9cd7fa4/emailAddress=support@cisco.com"
#ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=Cisrot/emailAddress=support@cisco.com"
ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
INT_SUBJ="$ROOT_SUBJ"
mkrootca "$ROOT_SUBJ" "$INT_SUBJ" cisco-ap