planix.org/actube
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Sign certs for cisco ap (but still not works)

Browse Source 
FossilOrigin-Name: 1951c37c5767fd24e99cb3fe5f8a66cde6d5c82f4a7d7cc71c6a4705fd8709d1
This commit is contained in:
7u83@mail.ru
2015-02-01 12:35:52 +00:00
parent 394934bd6e
commit de4fd07fd6
1 changed files with 42 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
ssl/mkcert.sh
View File

@ -1,8 +1,10 @@
#!/bin/sh
KEYSIZE=2048
#OPENSSL="../src/contrib/openssl-1.0.1i/apps/openssl"
OPENSSL="openssl"
#set -x
set -x
NAME=$1
PREF=$2
@ -13,14 +15,33 @@ PREF=$2
#fi
SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru"
SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=C1130-c80aa9cd7fa4/emailAddress=7u83@mail.ru"
if [ "$PREF" = "cisco" ]
then
PREF="$2-"
SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-AC-TUBE/emailAddress=7u83@mail.ru"
fi
if [ "$PREF" = "simple" ]
then
PREF="$2"
SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=C1130-908d43460000/mailAddress=7u83@mail.ru"
fi
if [ "$PREF" = "cisco-ap" ]
then
PREF="$2-"
# SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-f866f2a342fc/emailAddress=support@cisco.com"
# SUBJ="/C=US/ST=California/L=San Jose/O=airespace Inc/CN=C1130-f866f2a342fc/emailAddress=support@airespace.com"
# SUBJ="/ST=California/L=San Jose/C=US/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
#SUBJ="/ST=California/L=San Jose/C=US/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
# SUBJ="/C=US/ST=California/L=San Jose/O=airespace Inc/CN=C1130-f866f2a342fc/emailAddress=support@airespace.com"
SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
# SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1200-c80aa9cd7fa4/emailAddress=support@cisco.com"
fi
DIR=./certs
@ -35,30 +56,43 @@ then
fi
openssl req -nodes -newkey rsa:$KEYSIZE -keyout $DIR/$NAME.key -out $DIR/$NAME.req \
$OPENSSL req -nodes -newkey rsa:$KEYSIZE -keyout $DIR/$NAME.key -out $DIR/$NAME.req \
-subj "$SUBJ"
if [ "$PREF" = "simple" ]
if [ "$2" = "simple" ]
then
openssl ca -config openssl-simple.cnf \
$OPENSSL ca -config openssl-simple.cnf \
-keyfile $ROOT_CA_DIR/${PREF}-root-ca.key \
-cert $ROOT_CA_DIR/${PREF}-root-ca.crt \
-batch \
-out $DIR/$NAME.crt -infiles $DIR/$NAME.req
openssl x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
elif [ "$2" = "nocisco-ap" ]
then
$OPENSSL ca -config openssl-simple.cnf \
-keyfile $ROOT_CA_DIR/${PREF}root-ca.key \
-cert $ROOT_CA_DIR/${PREF}root-ca.crt \
-batch \
-out $DIR/$NAME.crt -infiles $DIR/$NAME.req
$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
else
openssl ca -config openssl-int.cnf \
$OPENSSL ca -config openssl-int.cnf \
-keyfile $INT_CA_DIR/${PREF}int-ca.key \
-cert $INT_CA_DIR/${PREF}int-ca.crt \
-batch \
-out $DIR/$NAME.crt -infiles $DIR/$NAME.req
openssl x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
cat $INT_CA_DIR/${PREF}int-ca.crt >> $DIR/$NAME.pem
cat $ROOT_CA_DIR/${PREF}root-ca.crt >> $DIR/$NAME.pem
$OPENSSL x509 -in $INT_CA_DIR/${PREF}int-ca.crt -noout -sha1 -fingerprint
fi