Added option for "simple" certificate
"simple" means that issued certificates are signed directly by the root CA, with no intermediate CA in the chain. FossilOrigin-Name: 79ee157b5b2e7bb9529049f646d882a0d1aac58c01b4f7d0438d4948faa4f0f6
parent
7c3aefc7ea
commit
1e884be4f1
@ -2,12 +2,19 @@
|
|||||||
|
|
||||||
KEYSIZE=2048
|
KEYSIZE=2048
|
||||||
|
|
||||||
|
#set -x
|
||||||
|
|
||||||
NAME=$1
|
NAME=$1
|
||||||
|
|
||||||
PREF=$2
|
PREF=$2
|
||||||
|
|
||||||
|
#if [ ! -z $2 ]
|
||||||
|
#then
|
||||||
|
# PREF=""
|
||||||
|
#fi
|
||||||
|
|
||||||
|
|
||||||
SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru"
|
SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru"
|
||||||
if [ $2 = "cisco" ]
|
if [ "$PREF" = "cisco" ]
|
||||||
then
|
then
|
||||||
PREF="$2-"
|
PREF="$2-"
|
||||||
SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-AC-TUBE/emailAddress=7u83@mail.ru"
|
SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-AC-TUBE/emailAddress=7u83@mail.ru"
|
||||||
@ -15,6 +22,7 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
DIR=./certs
|
DIR=./certs
|
||||||
ROOT_CA_DIR=./root-ca
|
ROOT_CA_DIR=./root-ca
|
||||||
INT_CA_DIR=./intermediate-ca
|
INT_CA_DIR=./intermediate-ca
|
||||||
@ -30,17 +38,26 @@ fi
|
|||||||
openssl req -nodes -newkey rsa:$KEYSIZE -keyout $DIR/$NAME.key -out $DIR/$NAME.req \
|
openssl req -nodes -newkey rsa:$KEYSIZE -keyout $DIR/$NAME.key -out $DIR/$NAME.req \
|
||||||
-subj "$SUBJ"
|
-subj "$SUBJ"
|
||||||
|
|
||||||
|
if [ "$PREF" = "simple" ]
|
||||||
|
then
|
||||||
|
openssl ca -config openssl-simple.cnf \
|
||||||
|
-keyfile $ROOT_CA_DIR/${PREF}-root-ca.key \
|
||||||
|
-cert $ROOT_CA_DIR/${PREF}-root-ca.crt \
|
||||||
|
-batch \
|
||||||
|
-out $DIR/$NAME.crt -infiles $DIR/$NAME.req
|
||||||
|
|
||||||
|
else
|
||||||
openssl ca -config openssl-int.cnf \
|
openssl ca -config openssl-int.cnf \
|
||||||
-keyfile $INT_CA_DIR/${PREF}int-ca.key \
|
-keyfile $INT_CA_DIR/${PREF}int-ca.key \
|
||||||
-cert $INT_CA_DIR/${PREF}int-ca.crt \
|
-cert $INT_CA_DIR/${PREF}int-ca.crt \
|
||||||
-batch \
|
-batch \
|
||||||
-out $DIR/$NAME.crt -infiles $DIR/$NAME.req
|
-out $DIR/$NAME.crt -infiles $DIR/$NAME.req
|
||||||
|
cat $INT_CA_DIR/${PREF}int-ca.crt >> $DIR/$NAME.pem
|
||||||
|
cat $ROOT_CA_DIR/${PREF}root-ca.crt >> $DIR/$NAME.pem
|
||||||
|
fi
|
||||||
|
|
||||||
openssl x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
|
openssl x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
|
||||||
|
|
||||||
cat $INT_CA_DIR/${PREF}int-ca.crt >> $DIR/$NAME.pem
|
|
||||||
cat $ROOT_CA_DIR/${PREF}root-ca.crt >> $DIR/$NAME.pem
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
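Review bot: In the last hunk the two chain `cat` lines now sit inside the `else` branch, ahead of `openssl x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem`. As rendered, that later `-out` rewrites `$NAME.pem`, so the intermediate and root certificates appended just before are lost and the bundle holds only the leaf; peers that rely on the bundle for the intermediate would then fail chain validation. Keep the append after the conversion and skip it only for the simple case, e.g. `[ "$PREF" = "simple" ] || cat "$INT_CA_DIR/${PREF}int-ca.crt" "$ROOT_CA_DIR/${PREF}root-ca.crt" >> "$DIR/$NAME.pem"`. The new branch also uses the root key for every issuance, so a comment above it such as `# simple: leaf is signed directly with the root key; there is no intermediate to revoke if the signing key leaks` would document the trade-off.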
@ -66,6 +66,10 @@ mkrootca()
|
|||||||
ROOT_SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru"
|
ROOT_SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru"
|
||||||
mkrootca "$ROOT_SUBJ"
|
mkrootca "$ROOT_SUBJ"
|
||||||
|
|
||||||
|
ROOT_SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru"
|
||||||
|
mkrootca "$ROOT_SUBJ" simple
|
||||||
|
|
||||||
|
|
||||||
ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=CA-vWLC-AIR-CTVM-K9-080027949DE0/emailAddress=support@vwlc.com"
|
ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=CA-vWLC-AIR-CTVM-K9-080027949DE0/emailAddress=support@vwlc.com"
|
||||||
mkrootca "$ROOT_SUBJ" cisco
|
mkrootca "$ROOT_SUBJ" cisco
|
||||||
|
|
||||||
|
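Review bot: The added `mkrootca "$ROOT_SUBJ" simple` call reuses the exact subject string of the default root created just above it, so this commit appears to produce two root CAs (presumably with separate keys) under the same DN. Verifiers that look up issuers by name can then pick the wrong root. The same string is also the default `SUBJ` in the leaf script of this commit, so a certificate issued by the simple root would presumably carry identical subject and issuer and look self-issued to path-building code. Giving the simple root its own CN avoids both, e.g. `ROOT_SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=<distinct-simple-root-CN>/emailAddress=7u83@mail.ru"`. The body of `mkrootca` is outside this hunk, so how the second argument affects key and file names is not visible here.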