Sign certs for cisco ap (but still not works)

FossilOrigin-Name: 1951c37c5767fd24e99cb3fe5f8a66cde6d5c82f4a7d7cc71c6a4705fd8709d1
2015-02-01 12:35:52 +00:00 · 2015-02-01 12:35:52 +00:00 · de4fd07fd6
parent 394934bd6e
commit de4fd07fd6
1 changed files with 42 additions and 8 deletions
--- a/ssl/mkcert.sh
+++ b/ssl/mkcert.sh
@ -1,8 +1,10 @@
 #!/bin/sh

 KEYSIZE=2048
+#OPENSSL="../src/contrib/openssl-1.0.1i/apps/openssl"
+OPENSSL="openssl"

-#set -x
+set -x

 NAME=$1
 PREF=$2
@ -13,14 +15,33 @@ PREF=$2
 #fi


-SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru"
+SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=C1130-c80aa9cd7fa4/emailAddress=7u83@mail.ru"
 if [ "$PREF" = "cisco" ] 
 then
 	PREF="$2-"
 	SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-AC-TUBE/emailAddress=7u83@mail.ru"
 fi

+if [ "$PREF" = "simple" ] 
+then
+	PREF="$2"
+	SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=C1130-908d43460000/mailAddress=7u83@mail.ru"
+fi

+if [ "$PREF" = "cisco-ap" ]
+then
+	PREF="$2-"
+#	SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-f866f2a342fc/emailAddress=support@cisco.com"
+#	SUBJ="/C=US/ST=California/L=San Jose/O=airespace Inc/CN=C1130-f866f2a342fc/emailAddress=support@airespace.com"
+
+#	SUBJ="/ST=California/L=San Jose/C=US/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
+	#SUBJ="/ST=California/L=San Jose/C=US/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
+#	SUBJ="/C=US/ST=California/L=San Jose/O=airespace Inc/CN=C1130-f866f2a342fc/emailAddress=support@airespace.com"
+	SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
+#	SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1200-c80aa9cd7fa4/emailAddress=support@cisco.com"
+
+
+fi


 DIR=./certs
@ -35,30 +56,43 @@ then
 fi


-openssl req -nodes -newkey rsa:$KEYSIZE -keyout $DIR/$NAME.key -out $DIR/$NAME.req   \
+$OPENSSL req -nodes -newkey rsa:$KEYSIZE -keyout $DIR/$NAME.key -out $DIR/$NAME.req   \
        -subj "$SUBJ"

-if [ "$PREF" = "simple" ]
+if [ "$2" = "simple" ]
 then
-openssl ca -config openssl-simple.cnf  \
+$OPENSSL ca -config openssl-simple.cnf  \
 	   -keyfile $ROOT_CA_DIR/${PREF}-root-ca.key \
 	   -cert $ROOT_CA_DIR/${PREF}-root-ca.crt \
 	   -batch \
 	   -out $DIR/$NAME.crt -infiles $DIR/$NAME.req 

-openssl x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
+$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
+
+elif [ "$2" = "nocisco-ap" ]
+then
+$OPENSSL ca -config openssl-simple.cnf  \
+	   -keyfile $ROOT_CA_DIR/${PREF}root-ca.key \
+	   -cert $ROOT_CA_DIR/${PREF}root-ca.crt \
+	   -batch \
+	   -out $DIR/$NAME.crt -infiles $DIR/$NAME.req 
+
+$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
+

 else
-openssl ca -config openssl-int.cnf  \
+$OPENSSL ca -config openssl-int.cnf  \
 	   -keyfile $INT_CA_DIR/${PREF}int-ca.key \
 	   -cert $INT_CA_DIR/${PREF}int-ca.crt \
 	   -batch \
 	   -out $DIR/$NAME.crt -infiles $DIR/$NAME.req 


-openssl x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
+$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
 cat $INT_CA_DIR/${PREF}int-ca.crt >> $DIR/$NAME.pem
 cat $ROOT_CA_DIR/${PREF}root-ca.crt >> $DIR/$NAME.pem
+$OPENSSL x509 -in $INT_CA_DIR/${PREF}int-ca.crt -noout -sha1 -fingerprint
+
 fi