Code cleanup.
FossilOrigin-Name: 20b3d3b9303a339a65e79564544335fdd85c83e2ecc47e84148bbf3bf5703ea6
parent
c861551814
commit
5d4ed173f9
124
ssl/mkcert.sh
124
ssl/mkcert.sh
@ -7,28 +7,66 @@ OPENSSL="openssl"
|
||||
set -x
|
||||
|
||||
NAME=$1
|
||||
PREF=$2
|
||||
|
||||
#if [ ! -z $2 ]
|
||||
#then
|
||||
# PREF=""
|
||||
#fi
|
||||
TYPE=$2
|
||||
|
||||
|
||||
SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=C1130-c80aa9cd7fa4/emailAddress=7u83@mail.ru"
|
||||
if [ "$PREF" = "cisco" ]
|
||||
|
||||
DIR=./certs
|
||||
ROOT_CA_DIR=./root-ca
|
||||
INT_CA_DIR=./intermediate-ca
|
||||
|
||||
|
||||
if [ ! -e $DIR ]
|
||||
then
|
||||
mkdir $DIR
|
||||
fi
|
||||
|
||||
|
||||
|
||||
createcert()
|
||||
{
|
||||
SUBJ=$1
|
||||
CNF=$2
|
||||
|
||||
|
||||
if [ ! -z $TYPE ]
|
||||
then
|
||||
PREF="$TYPE-"
|
||||
fi
|
||||
$OPENSSL genrsa -out $DIR/$NAME.key $KEYSIZE
|
||||
$OPENSSL req -sha1 -new -key $DIR/$NAME.key -out $DIR/$NAME.req \
|
||||
-subj "$SUBJ"
|
||||
|
||||
|
||||
$OPENSSL ca -config openssl-int.cnf \
|
||||
-keyfile $INT_CA_DIR/${PREF}int-ca.key \
|
||||
-cert $INT_CA_DIR/${PREF}int-ca.crt \
|
||||
-batch \
|
||||
-extensions v3_ca \
|
||||
-out $DIR/$NAME.crt -infiles $DIR/$NAME.req
|
||||
|
||||
$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
|
||||
cat $INT_CA_DIR/${PREF}int-ca.crt >> $DIR/$NAME.pem
|
||||
cat $ROOT_CA_DIR/${PREF}root-ca.crt >> $DIR/$NAME.pem
|
||||
$OPENSSL x509 -in $INT_CA_DIR/${PREF}int-ca.crt -noout -sha1 -fingerprint
|
||||
|
||||
}
|
||||
|
||||
|
||||
if [ -z $TYPE ]
|
||||
then
|
||||
SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=C1130-c80aa9cd7fa4/emailAddress=7u83@mail.ru"
|
||||
createcert $SUBJ
|
||||
fi
|
||||
|
||||
if [ "$TYPE" = "cisco-ac" ]
|
||||
then
|
||||
PREF="$2-"
|
||||
SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-AC-TUBE/emailAddress=7u83@mail.ru"
|
||||
createcert $SUBJ
|
||||
fi
|
||||
|
||||
if [ "$PREF" = "simple" ]
|
||||
then
|
||||
PREF="$2"
|
||||
SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=C1130-908d43460000/mailAddress=7u83@mail.ru"
|
||||
fi
|
||||
|
||||
if [ "$PREF" = "cisco-ap" ]
|
||||
if [ "$TYPE" = "cisco-ap" ]
|
||||
then
|
||||
PREF="$2-"
|
||||
# SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-f866f2a342fc/emailAddress=support@cisco.com"
|
||||
@ -37,65 +75,13 @@ then
|
||||
# SUBJ="/ST=California/L=San Jose/C=US/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
|
||||
#SUBJ="/ST=California/L=San Jose/C=US/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
|
||||
# SUBJ="/C=US/ST=California/L=San Jose/O=airespace Inc/CN=C1130-f866f2a342fc/emailAddress=support@airespace.com"
|
||||
SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
|
||||
# SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1200-c80aa9cd7fa4/emailAddress=support@cisco.com"
|
||||
SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
|
||||
createcert "$SUBJ"
|
||||
|
||||
|
||||
fi
|
||||
|
||||
|
||||
DIR=./certs
|
||||
ROOT_CA_DIR=./root-ca
|
||||
INT_CA_DIR=./intermediate-ca
|
||||
|
||||
echo $NAME
|
||||
|
||||
if [ ! -e $DIR ]
|
||||
then
|
||||
mkdir $DIR
|
||||
fi
|
||||
|
||||
|
||||
$OPENSSL req -nodes -newkey rsa:$KEYSIZE -keyout $DIR/$NAME.key -out $DIR/$NAME.req \
|
||||
-subj "$SUBJ"
|
||||
|
||||
if [ "$2" = "simple" ]
|
||||
then
|
||||
$OPENSSL ca -config openssl-simple.cnf \
|
||||
-keyfile $ROOT_CA_DIR/${PREF}-root-ca.key \
|
||||
-cert $ROOT_CA_DIR/${PREF}-root-ca.crt \
|
||||
-batch \
|
||||
-out $DIR/$NAME.crt -infiles $DIR/$NAME.req
|
||||
|
||||
$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
|
||||
|
||||
elif [ "$2" = "nocisco-ap" ]
|
||||
then
|
||||
$OPENSSL ca -config openssl-simple.cnf \
|
||||
-keyfile $ROOT_CA_DIR/${PREF}root-ca.key \
|
||||
-cert $ROOT_CA_DIR/${PREF}root-ca.crt \
|
||||
-batch \
|
||||
-out $DIR/$NAME.crt -infiles $DIR/$NAME.req
|
||||
|
||||
$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
|
||||
|
||||
|
||||
else
|
||||
$OPENSSL ca -config openssl-int.cnf \
|
||||
-keyfile $INT_CA_DIR/${PREF}int-ca.key \
|
||||
-cert $INT_CA_DIR/${PREF}int-ca.crt \
|
||||
-batch \
|
||||
-out $DIR/$NAME.crt -infiles $DIR/$NAME.req
|
||||
|
||||
|
||||
$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
|
||||
cat $INT_CA_DIR/${PREF}int-ca.crt >> $DIR/$NAME.pem
|
||||
cat $ROOT_CA_DIR/${PREF}root-ca.crt >> $DIR/$NAME.pem
|
||||
$OPENSSL x509 -in $INT_CA_DIR/${PREF}int-ca.crt -noout -sha1 -fingerprint
|
||||
|
||||
fi
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
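Review bot: `createcert $SUBJ` in the `cisco-ac` branch passes the subject unquoted, so it is split at the spaces in `San Jose` and `Cisco Virtual Wireless LAN Controller`; `createcert` then receives only the first fragment as `SUBJ=$1` and the second as `CNF=$2`, and the request is built with a truncated subject. Quote it the way the `cisco-ap` branch does, `createcert "$SUBJ"`, in both places where it is unquoted. `createcert` also signs the device request with `-extensions v3_ca`, which the signing calls lower in the section do not pass; if that section of `openssl-int.cnf` (not shown here) sets `basicConstraints=CA:TRUE`, each issued device certificate could itself act as a CA, so an end-entity extension section would be safer. The +/- markers are lost on this page, so which lines are new is inferred from the hunk headers.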
@ -9,7 +9,6 @@ INT_CA_DIR=./intermediate-ca
|
||||
|
||||
|
||||
|
||||
|
||||
if [ ! -e $ROOT_CA_DIR ]
|
||||
then
|
||||
echo "Initializing root-ca"
|
||||
@ -30,15 +29,17 @@ fi
|
||||
mkrootca()
|
||||
{
|
||||
ROOT_SUBJ=$1
|
||||
INT_SUBJ=$2
|
||||
NAME=$3
|
||||
|
||||
INT_SUBJ=$ROOT_SUBJ
|
||||
|
||||
if [ ! -z $2 ]
|
||||
if [ ! -z $NAME ]
|
||||
then
|
||||
PREF="$2-"
|
||||
PREF="$NAME-"
|
||||
fi
|
||||
|
||||
|
||||
# Create a self-signed root CA
|
||||
openssl req -nodes -new -x509 \
|
||||
-sha1 \
|
||||
-extensions v3_ca \
|
||||
@ -49,36 +50,41 @@ mkrootca()
|
||||
-x509 \
|
||||
-subj "$ROOT_SUBJ"
|
||||
|
||||
# Create a key for intermediate CA
|
||||
openssl genrsa -out $INT_CA_DIR/${PREF}int-ca.key $KEYSIZE
|
||||
|
||||
# Create req for intermediate CA
|
||||
openssl req -sha1 -new -key $INT_CA_DIR/${PREF}int-ca.key -out $INT_CA_DIR/${PREF}int-ca.csr \
|
||||
-subj "$INT_SUBJ"
|
||||
|
||||
# Sign intermediate CA cert using previously created root CA
|
||||
openssl ca -config openssl.cnf -batch -keyfile $ROOT_CA_DIR/${PREF}root-ca.key \
|
||||
-cert $ROOT_CA_DIR/${PREF}root-ca.crt \
|
||||
-extensions v3_ca -notext -md sha1 -in $INT_CA_DIR/${PREF}int-ca.csr \
|
||||
-out $INT_CA_DIR/${PREF}int-ca.crt
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
ROOT_SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru"
|
||||
mkrootca "$ROOT_SUBJ"
|
||||
|
||||
ROOT_SUBJ="/C=DE/ST=Berlin/O=Cauwersin/CN=SCEP-CN=C1130-908d43460000/emailAddress=7u83@mail.ru"
|
||||
mkrootca "$ROOT_SUBJ" simple
|
||||
INT_SUBJ="$ROOT_SUBJ"
|
||||
mkrootca "$ROOT_SUBJ" "$INT_SUBJ"
|
||||
|
||||
|
||||
ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=CA-vWLC-AIR-CTVM-K9-080027949DE0/emailAddress=support@vwlc.com"
|
||||
mkrootca "$ROOT_SUBJ" cisco
|
||||
|
||||
INT_SUBJ="$ROOT_SUBJ"
|
||||
mkrootca "$ROOT_SUBJ" "$INT_SUBJ" cisco-ac
|
||||
|
||||
#ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=airespace Inc/CN=C1130-f866f2a342fc/emailAddress=support@airespace.com"
|
||||
#ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-f866f2a342fc/emailAddress=support@cisco.com"
|
||||
#ROOT_SUBJ="/ST=California/L=San Jose/C=US/O=Cisco Systems/CN=C1130-f866f2a342fc/emailAddress=support@cisco.com"
|
||||
#ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1200-c80aa9cd7fa4/emailAddress=support@cisco.com"
|
||||
#ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=Cisrot/emailAddress=support@cisco.com"
|
||||
|
||||
ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
|
||||
mkrootca "$ROOT_SUBJ" cisco-ap
|
||||
INT_SUBJ="$ROOT_SUBJ"
|
||||
mkrootca "$ROOT_SUBJ" "$INT_SUBJ" cisco-ap
|
||||
|
||||
|
||||
|
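Review bot: In `mkrootca`, `PREF` is assigned only when `$NAME` is non-empty and is never cleared, so a prefix set by one call carries into a later call without a name, which would then write to the earlier CA's key and certificate file names; it works here only because the unnamed call comes first. Add `PREF=""` before the test and quote the operand, `if [ -n "$NAME" ]`. The function still signs with `-sha1` / `-md sha1` and writes the root key with `-nodes`; unless the target devices require SHA-1, `-sha256` is the better default, and the key files should be readable by the owner only. Part of the function body lies between the hunks and is not visible here.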