Creates certificates accepted by a cisco AP
FossilOrigin-Name: f1cfcc03e4dbfae6cc23d9bdab3712de141f282a6b363c2b94863a4cbf33d149
This commit is contained in:
7u83@mail.ru
parent
46fab74fba
commit
e4dac9f7ff
|
|
@ -1,5 +1,5 @@
|
|||
#!/bin/sh
|
||||
echo Creating Root CA
|
||||
echo Creating Root CAs
|
||||
|
||||
KEYSIZE=2048
|
||||
CONFIG=openssl.cnf
|
||||
|
|
@ -7,6 +7,9 @@ CONFIG=openssl.cnf
|
|||
ROOT_CA_DIR=./root-ca
|
||||
INT_CA_DIR=./intermediate-ca
|
||||
|
||||
|
||||
|
||||
|
||||
if [ ! -e $ROOT_CA_DIR ]
|
||||
then
|
||||
echo "Initializing root-ca"
|
||||
|
|
@ -15,18 +18,6 @@ then
|
|||
touch $ROOT_CA_DIR/index.txt
|
||||
fi
|
||||
|
||||
openssl req -nodes -new -x509 \
|
||||
-sha1 \
|
||||
-extensions v3_ca \
|
||||
-days 3650 \
|
||||
-newkey rsa:2048 \
|
||||
-keyout $ROOT_CA_DIR/root-ca.key -out $ROOT_CA_DIR/root-ca.crt \
|
||||
-config openssl.cnf \
|
||||
-x509 \
|
||||
-subj /C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru
|
||||
|
||||
|
||||
|
||||
if [ ! -e $INT_CA_DIR ]
|
||||
then
|
||||
echo "Initializing intermediate-ca"
|
||||
|
|
@ -35,11 +26,45 @@ then
|
|||
touch $INT_CA_DIR/index.txt
|
||||
fi
|
||||
|
||||
openssl genrsa -out $INT_CA_DIR/int-ca.key $KEYSIZE
|
||||
openssl req -sha1 -new -key $INT_CA_DIR/int-ca.key -out $INT_CA_DIR/int-ca.csr \
|
||||
-subj /C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru
|
||||
|
||||
mkrootca()
|
||||
{
|
||||
ROOT_SUBJ=$1
|
||||
|
||||
INT_SUBJ=$ROOT_SUBJ
|
||||
|
||||
if [ ! -z $2 ]
|
||||
then
|
||||
PREF="$2-"
|
||||
fi
|
||||
|
||||
|
||||
openssl ca -config openssl.cnf -keyfile $ROOT_CA_DIR/root-ca.key -cert $ROOT_CA_DIR/root-ca.crt \
|
||||
-extensions v3_ca -notext -md sha1 -in $INT_CA_DIR/int-ca.csr -out $INT_CA_DIR/int-ca.crt
|
||||
openssl req -nodes -new -x509 \
|
||||
-sha1 \
|
||||
-extensions v3_ca \
|
||||
-days 3650 \
|
||||
-newkey rsa:2048 \
|
||||
-keyout $ROOT_CA_DIR/${PREF}root-ca.key -out $ROOT_CA_DIR/${PREF}root-ca.crt \
|
||||
-config openssl.cnf \
|
||||
-x509 \
|
||||
-subj "$ROOT_SUBJ"
|
||||
|
||||
openssl genrsa -out $INT_CA_DIR/${PREF}int-ca.key $KEYSIZE
|
||||
|
||||
openssl req -sha1 -new -key $INT_CA_DIR/${PREF}int-ca.key -out $INT_CA_DIR/${PREF}int-ca.csr \
|
||||
-subj "$INT_SUBJ"
|
||||
|
||||
openssl ca -config openssl.cnf -keyfile $ROOT_CA_DIR/${PREF}root-ca.key \
|
||||
-cert $ROOT_CA_DIR/${PREF}root-ca.crt \
|
||||
-extensions v3_ca -notext -md sha1 -in $INT_CA_DIR/${PREF}int-ca.csr \
|
||||
-out $INT_CA_DIR/${PREF}int-ca.crt
|
||||
|
||||
}
|
||||
|
||||
|
||||
#ROOT_SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru"
|
||||
ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=CA-vWLC-AIR-CTVM-K9-080027949DE0/emailAddress=support@vwlc.com"
|
||||
mkrootca "$ROOT_SUBJ"
|
||||
|
||||
#mkrootca "$ROOT_SUBJ" cisco
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue