From 1e884be4f1f7f99435b9f417e0b747aa4ceb1ce6 Mon Sep 17 00:00:00 2001
From: "7u83@mail.ru" <7u83@mail.ru@noemail.net>
Date: Sat, 24 Jan 2015 10:05:54 +0000
Subject: [PATCH] Added option for "simple" certificate "simple" means, issued certificates are directly signed by root CA, no chaining.
FossilOrigin-Name: 79ee157b5b2e7bb9529049f646d882a0d1aac58c01b4f7d0438d4948faa4f0f6
---
 ssl/mkcert.sh | 27 ++++++++++++++++++++++-----
 ssl/mkrootca.sh | 4 ++++
 2 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/ssl/mkcert.sh b/ssl/mkcert.sh
index 7d18077c..4e0bcc2c 100755
--- a/ssl/mkcert.sh
+++ b/ssl/mkcert.sh
@@ -2,12 +2,19 @@ KEYSIZE=2048
+#set -x
 NAME=$1
-
 PREF=$2
+
+#if [ ! -z $2 ]
+#then
+# PREF=""
+#fi
+
+
 SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru"
-if [ $2 = "cisco" ]
+if [ "$PREF" = "cisco" ]
 then
 PREF="$2-"
 SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-AC-TUBE/emailAddress=7u83@mail.ru"
@@ -15,6 +22,7 @@ fi
+
 DIR=./certs
 ROOT_CA_DIR=./root-ca
 INT_CA_DIR=./intermediate-ca
@@ -30,17 +38,26 @@ fi
 openssl req -nodes -newkey rsa:$KEYSIZE -keyout $DIR/$NAME.key -out $DIR/$NAME.req \
 -subj "$SUBJ"
+if [ "$PREF" = "simple" ]
+then
+openssl ca -config openssl-simple.cnf \
+ -keyfile $ROOT_CA_DIR/${PREF}-root-ca.key \
+ -cert $ROOT_CA_DIR/${PREF}-root-ca.crt \
+ -batch \
+ -out $DIR/$NAME.crt -infiles $DIR/$NAME.req
+
+else
 openssl ca -config openssl-int.cnf \
 -keyfile $INT_CA_DIR/${PREF}int-ca.key \
 -cert $INT_CA_DIR/${PREF}int-ca.crt \
 -batch \
 -out $DIR/$NAME.crt -infiles $DIR/$NAME.req
-
+cat $INT_CA_DIR/${PREF}int-ca.crt >> $DIR/$NAME.pem
+cat $ROOT_CA_DIR/${PREF}root-ca.crt >> $DIR/$NAME.pem
+fi
 openssl x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
-cat $INT_CA_DIR/${PREF}int-ca.crt >> $DIR/$NAME.pem
-cat $ROOT_CA_DIR/${PREF}root-ca.crt >> $DIR/$NAME.pem
diff --git a/ssl/mkrootca.sh b/ssl/mkrootca.sh
index 7baecbec..842b8466 100755
--- a/ssl/mkrootca.sh
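Review bot: PREF is taken from `$2` without being checked against the supported profiles: only `cisco` gets the trailing dash, so any other value except `simple` reaches the `${PREF}int-ca.key` and `${PREF}root-ca.crt` lookups in the third hunk as a bare prefix and selects a CA key file that was presumably never intended. A guard right after `PREF=$2` would make the accepted set explicit, for example `case "$PREF" in ""|cisco|simple) ;; *) echo "unknown profile: $PREF" >&2; exit 1 ;; esac`. The commented-out `#set -x` and `#if [ ! -z $2 ]` lines do nothing and are better dropped than committed.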
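Review bot: In the `else` branch the two `cat ... >> $DIR/$NAME.pem` lines now run before `openssl x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem`, which writes that file afresh, so the intermediate and root certificates appended just above are overwritten and the resulting .pem holds only the leaf. Peers that depend on the bundle to build the path will then fail chain verification for every non-simple certificate. Either run the x509 conversion before the `if`, or keep the `cat` lines after it inside the `else` branch. The new `-keyfile $ROOT_CA_DIR/${PREF}-root-ca.key` and `-cert` arguments are unquoted like the rest of the script; quoting them (`"$ROOT_CA_DIR/${PREF}-root-ca.key"`) prevents word splitting on unusual names. Whether `openssl-simple.cnf` limits issued certificates to `CA:FALSE` is not visible here and is worth confirming, since this path signs directly with the root key.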
+++ b/ssl/mkrootca.sh
@@ -66,6 +66,10 @@ mkrootca()
 ROOT_SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru"
 mkrootca "$ROOT_SUBJ"
+ROOT_SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru"
+mkrootca "$ROOT_SUBJ" simple
+
+
 ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=CA-vWLC-AIR-CTVM-K9-080027949DE0/emailAddress=support@vwlc.com"
 mkrootca "$ROOT_SUBJ" cisco
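Review bot: The new `simple` root is created with exactly the same subject DN as the default root two lines above it, so two different root keys end up under one issuer name. Verifiers locate an issuer by subject name, and with both roots present in a trust store path building can select the wrong one and fail the signature check, unless key identifiers disambiguate them; the body of mkrootca() and its openssl config are outside this hunk, so that cannot be confirmed here. Giving the simple root its own CN, e.g. `ROOT_SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=<distinct simple-root CN>/emailAddress=7u83@mail.ru"`, removes the ambiguity.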