moved local_cfg, remote_cfg ... to cw_ElemData struct

2022-07-28 01:36:16 +02:00
parent 6ac1c87b2f
commit b894c00a7e
86 changed files with 360 additions and 243 deletions
--- a/ssl/mkcert.sh
+++ b/ssl/mkcert.sh
@ -9,7 +9,7 @@ set -x
 NAME=$1
 TYPE=$2

-
+DAYS=6000

 DIR=./certs
 ROOT_CA_DIR=./root-ca
@ -65,8 +65,6 @@ then
 fi


-CISCOTIME='2013-12-24 08:15:42'
-
 if [ "$TYPE" = "cisco-ac" ] 
 then
 	SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-AC-TUBE/emailAddress=7u83@mail.ru"
@ -82,14 +80,14 @@ then
       openssl req -nodes -new -x509 \
                -sha1 \
                -extensions v3_ca \
-                -days 3650 \
-                -newkey rsa:2048 \
+                -days ${DAYS} \
+                -newkey rsa:${KEYSIZE} \
                -keyout certs/${NAME}.key -out certs/${NAME}.crt \
                -config openssl.cnf \
                -x509 \
                -subj "$SUBJ" 

-	$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem -days=128
+	$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem -days=${DAYS}



--- a/ssl/mkciscoimport.sh
+++ b/ssl/mkciscoimport.sh
@ -7,7 +7,7 @@ then
 fi


-echo clock set $(date "+%H:%M:%S %d %b %Y")
+#echo clock set $(date "+%H:%M:%S %d %b %Y")
 echo debug capwap console cli
 echo configure terminal
 echo crypto ca profile enrollment ACTube
--- a/ssl/mkrootca.sh
+++ b/ssl/mkrootca.sh
@ -7,6 +7,8 @@ CONFIG=openssl.cnf
 ROOT_CA_DIR=./root-ca
 INT_CA_DIR=./intermediate-ca

+DAYS=6000
+


 if [ ! -e $ROOT_CA_DIR ] 
@ -42,11 +44,11 @@ mkrootca()
 	# Create a self-signed root CA
 	openssl req -nodes -new -x509 \
 		-sha1 \
+		-days ${DAYS} \
 		-extensions v3_ca \
-		-days 3650 \
-		-newkey rsa:2048 \
+		-newkey rsa:${KEYSIZE} \
 		-keyout $ROOT_CA_DIR/${PREF}root-ca.key -out $ROOT_CA_DIR/${PREF}root-ca.crt \
-		-config openssl.cnf \
+		-config ${CONFIG} \
 		-x509 \
 		-subj "$ROOT_SUBJ"

@ -58,7 +60,7 @@ mkrootca()
 		-subj "$INT_SUBJ"

 	# Sign intermediate CA cert using previously created root CA
-	openssl ca -config openssl.cnf -batch -keyfile $ROOT_CA_DIR/${PREF}root-ca.key \
+	openssl ca -config ${CONFIG} -batch -keyfile $ROOT_CA_DIR/${PREF}root-ca.key \
 		   -cert $ROOT_CA_DIR/${PREF}root-ca.crt \
 		   -extensions v3_ca -notext -md sha1 -in $INT_CA_DIR/${PREF}int-ca.csr \
 		   -out $INT_CA_DIR/${PREF}int-ca.crt
--- a/ssl/openssl-crt.cnf
+++ b/ssl/openssl-crt.cnf
@ -70,7 +70,7 @@ cert_opt 	= ca_default		# Certificate field options
 # crlnumber must also be commented out to leave a V1 CRL.
 # crl_extensions	= crl_ext

-default_days	= 365			# how long to certify for
+default_days	= 6000			# how long to certify for
 default_crl_days= 30			# how long before next CRL
 default_md	= sha256 #md5			# use public key default MD
 preserve	= no			# keep passed DN ordering
--- a/ssl/openssl-int.cnf
+++ b/ssl/openssl-int.cnf
@ -70,7 +70,7 @@ cert_opt 	= ca_default		# Certificate field options
 # crlnumber must also be commented out to leave a V1 CRL.
 # crl_extensions	= crl_ext

-default_days	= 365			# how long to certify for
+default_days	= 6000			# how long to certify for
 default_crl_days= 30			# how long before next CRL
 default_md	= md5			# use public key default MD
 preserve	= no			# keep passed DN ordering
--- a/ssl/openssl.cnf
+++ b/ssl/openssl.cnf
@ -70,7 +70,7 @@ cert_opt 	= ca_default		# Certificate field options
 # crlnumber must also be commented out to leave a V1 CRL.
 # crl_extensions	= crl_ext

-default_days	= 365			# how long to certify for
+default_days	= 6000			# how long to certify for
 default_crl_days= 30			# how long before next CRL
 default_md	= md5			# use public key default MD
 preserve	= no			# keep passed DN ordering