#!/bin/sh
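echo Creating Root CAs

# RSA key size (bits) passed to "openssl genrsa" for the intermediate CA key.
KEYSIZE=2048
# OpenSSL configuration file name.
CONFIG=openssl.cnf

# Working directories of the two CAs. They end up holding the CA private
# keys, which mkrootca writes unencrypted.
# NOTE(review): the directories are created with the caller's umask; consider
# running this script under "umask 077" if other local users exist.
ROOT_CA_DIR=./root-ca
INT_CA_DIR=./intermediate-ca

# _init_ca_dir DIR LABEL
#
# Creates the CA working directory DIR unless it already exists, and seeds it
# with a "serial" file containing 1000 and an empty "index.txt".
# NOTE(review): presumably these are the serial and database files that
# openssl.cnf points "openssl ca" at - confirm against the config.
#
# Arguments: $1 - directory to create
#            $2 - label used in the progress message
# Returns:   0 if the directory exists or was initialised, 1 on any failure
_init_ca_dir()
{
  # An existing path is left untouched so serial numbers are never reset.
  if [ -e "$1" ]
  then
    return 0
  fi

  echo "Initializing $2"
  mkdir -- "$1" || return 1
  echo '1000' > "$1/serial" || return 1
  touch -- "$1/index.txt" || return 1
}

# Stop here rather than let the later openssl calls fail on a missing directory.
_init_ca_dir "$ROOT_CA_DIR" root-ca || exit 1
_init_ca_dir "$INT_CA_DIR" intermediate-ca || exit 1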
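# mkrootca ROOT_SUBJ INT_SUBJ [NAME]
#
# Creates a self-signed root CA in $ROOT_CA_DIR and an intermediate CA in
# $INT_CA_DIR whose certificate is signed by that root.
#
# Arguments:
#   $1 - subject of the root CA (openssl -subj syntax)
#   $2 - subject of the intermediate CA
#   $3 - optional name; when given, every output file is prefixed "NAME-"
# Globals:
#   ROOT_CA_DIR, INT_CA_DIR (read) - output directories
#   KEYSIZE (read)   - RSA key size in bits, 2048 when unset
#   CONFIG (read)    - openssl config file, openssl.cnf when unset
#   CA_DIGEST (read) - signature digest, sha1 when unset
#   ROOT_SUBJ, INT_SUBJ, NAME, PREF (written)
# Returns:
#   0 on success, 1 as soon as one step fails
#
# Security notes:
#   * Both private keys are written unencrypted (-nodes, genrsa without a
#     cipher), so file permissions are their only protection; each key is
#     set to mode 0600 right after it is created.
#   * SHA-1 is no longer considered collision-resistant for certificate
#     signatures. It stays the default so existing output does not change
#     (presumably it is needed by the peers these CAs are made for - confirm);
#     set CA_DIGEST=sha256 where the relying parties accept it.
mkrootca()
{
  ROOT_SUBJ=$1
  INT_SUBJ=$2
  NAME=${3:-}

  # PREF is a global: reset it on every call so a call without NAME does not
  # inherit the prefix of an earlier call and overwrite that CA's files.
  PREF=""
  if [ -n "$NAME" ]
  then
    PREF="$NAME-"
  fi

  # Create a self-signed root CA
  openssl req -nodes -new -x509 \
    "-${CA_DIGEST:-sha1}" \
    -extensions v3_ca \
    -days 3650 \
    -newkey "rsa:${KEYSIZE:-2048}" \
    -keyout "$ROOT_CA_DIR/${PREF}root-ca.key" \
    -out "$ROOT_CA_DIR/${PREF}root-ca.crt" \
    -config "${CONFIG:-openssl.cnf}" \
    -subj "$ROOT_SUBJ" || return 1
  chmod 600 "$ROOT_CA_DIR/${PREF}root-ca.key" || return 1

  # Create a key for intermediate CA
  openssl genrsa -out "$INT_CA_DIR/${PREF}int-ca.key" "${KEYSIZE:-2048}" || return 1
  chmod 600 "$INT_CA_DIR/${PREF}int-ca.key" || return 1

  # Create req for intermediate CA
  openssl req "-${CA_DIGEST:-sha1}" -new \
    -key "$INT_CA_DIR/${PREF}int-ca.key" \
    -out "$INT_CA_DIR/${PREF}int-ca.csr" \
    -subj "$INT_SUBJ" || return 1

  # Sign intermediate CA cert using previously created root CA
  openssl ca -config "${CONFIG:-openssl.cnf}" -batch \
    -keyfile "$ROOT_CA_DIR/${PREF}root-ca.key" \
    -cert "$ROOT_CA_DIR/${PREF}root-ca.crt" \
    -extensions v3_ca -notext -md "${CA_DIGEST:-sha1}" \
    -in "$INT_CA_DIR/${PREF}int-ca.csr" \
    -out "$INT_CA_DIR/${PREF}int-ca.crt" || return 1
}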
# Default CA pair. No NAME is passed, so mkrootca uses no file-name prefix.
# The intermediate CA reuses the root CA's subject.
ROOT_SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru"
INT_SUBJ=$ROOT_SUBJ
mkrootca "$ROOT_SUBJ" "$INT_SUBJ"

# CA pair whose files are prefixed "cisco-ac-".
ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=CA-vWLC-AIR-CTVM-K9-080027949DE0/emailAddress=support@vwlc.com"
INT_SUBJ=$ROOT_SUBJ
mkrootca "$ROOT_SUBJ" "$INT_SUBJ" 'cisco-ac'

# Alternative subjects for the "cisco-ap-" pair, kept disabled.
#ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=airespace Inc/CN=C1130-f866f2a342fc/emailAddress=support@airespace.com"
#ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-f866f2a342fc/emailAddress=support@cisco.com"
#ROOT_SUBJ="/ST=California/L=San Jose/C=US/O=Cisco Systems/CN=C1130-f866f2a342fc/emailAddress=support@cisco.com"
#ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1200-c80aa9cd7fa4/emailAddress=support@cisco.com"
#ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=Cisrot/emailAddress=support@cisco.com"

# CA pair whose files are prefixed "cisco-ap-".
ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
INT_SUBJ=$ROOT_SUBJ
mkrootca "$ROOT_SUBJ" "$INT_SUBJ" 'cisco-ap'