planix.org/actube
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Creates certificates accepted by a cisco AP

Browse Source 
FossilOrigin-Name: f1cfcc03e4dbfae6cc23d9bdab3712de141f282a6b363c2b94863a4cbf33d149
This commit is contained in:
7u83@mail.ru 2015-01-24 02:01:55 +00:00
parent 46fab74fba
commit e4dac9f7ff
1 changed files with 43 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
ssl/mkrootca.sh
View File

@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
echo Creating Root CA echo Creating Root CAs
KEYSIZE=2048 KEYSIZE=2048
CONFIG=openssl.cnf CONFIG=openssl.cnf
@ -7,6 +7,9 @@ CONFIG=openssl.cnf
ROOT_CA_DIR=./root-ca ROOT_CA_DIR=./root-ca
INT_CA_DIR=./intermediate-ca INT_CA_DIR=./intermediate-ca
if [ ! -e $ROOT_CA_DIR ] if [ ! -e $ROOT_CA_DIR ]
then then
echo "Initializing root-ca" echo "Initializing root-ca"
@ -15,18 +18,6 @@ then
touch $ROOT_CA_DIR/index.txt touch $ROOT_CA_DIR/index.txt
fi fi
openssl req -nodes -new -x509 \
-sha1 \
-extensions v3_ca \
-days 3650 \
-newkey rsa:2048 \
-keyout $ROOT_CA_DIR/root-ca.key -out $ROOT_CA_DIR/root-ca.crt \
-config openssl.cnf \
-x509 \
-subj /C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru
if [ ! -e $INT_CA_DIR ] if [ ! -e $INT_CA_DIR ]
then then
echo "Initializing intermediate-ca" echo "Initializing intermediate-ca"
@ -35,11 +26,45 @@ then
touch $INT_CA_DIR/index.txt touch $INT_CA_DIR/index.txt
fi fi
openssl genrsa -out $INT_CA_DIR/int-ca.key $KEYSIZE
openssl req -sha1 -new -key $INT_CA_DIR/int-ca.key -out $INT_CA_DIR/int-ca.csr \ mkrootca()
-subj /C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru {
ROOT_SUBJ=$1
INT_SUBJ=$ROOT_SUBJ
if [ ! -z $2 ]
then
PREF="$2-"
fi
openssl ca -config openssl.cnf -keyfile $ROOT_CA_DIR/root-ca.key -cert $ROOT_CA_DIR/root-ca.crt \ openssl req -nodes -new -x509 \
-extensions v3_ca -notext -md sha1 -in $INT_CA_DIR/int-ca.csr -out $INT_CA_DIR/int-ca.crt -sha1 \
-extensions v3_ca \
-days 3650 \
-newkey rsa:2048 \
-keyout $ROOT_CA_DIR/${PREF}root-ca.key -out $ROOT_CA_DIR/${PREF}root-ca.crt \
-config openssl.cnf \
-x509 \
-subj "$ROOT_SUBJ"
openssl genrsa -out $INT_CA_DIR/${PREF}int-ca.key $KEYSIZE
openssl req -sha1 -new -key $INT_CA_DIR/${PREF}int-ca.key -out $INT_CA_DIR/${PREF}int-ca.csr \
-subj "$INT_SUBJ"
openssl ca -config openssl.cnf -keyfile $ROOT_CA_DIR/${PREF}root-ca.key \
-cert $ROOT_CA_DIR/${PREF}root-ca.crt \
-extensions v3_ca -notext -md sha1 -in $INT_CA_DIR/${PREF}int-ca.csr \
-out $INT_CA_DIR/${PREF}int-ca.crt
}
#ROOT_SUBJ="/C=DE/ST=Berlin/L=Berlin/O=Cauwersin/CN=7u83.cauwersin.com/emailAddress=7u83@mail.ru"
ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=CA-vWLC-AIR-CTVM-K9-080027949DE0/emailAddress=support@vwlc.com"
mkrootca "$ROOT_SUBJ"
#mkrootca "$ROOT_SUBJ" cisco