From 7f1fb02af192b64fba623b712033eab8261fb15e Mon Sep 17 00:00:00 2001
From: bmamihai
Date: Tue, 28 Mar 2023 23:04:56 +0300
Subject: [PATCH] workaround for certs newer ubuntu >18
---
 createCA.sh | 12 +++++++-----
 createCerts.sh | 9 +++++----
 installOpenSSL1.02.sh | 10 ++++++++++
 3 files changed, 22 insertions(+), 9 deletions(-)
 create mode 100644 installOpenSSL1.02.sh
diff --git a/createCA.sh b/createCA.sh
index d91a9bf..e5d91a3 100755
--- a/createCA.sh
+++ b/createCA.sh
@@ -1,4 +1,6 @@
 #!/bin/sh
+#OPENSSL_PATH="/usr/bin" #default install path
+OPENSSL_PATH="/usr/local/ssl/bin" #workaround for dual openssl install
 DAYS=$((10*365))
 LEVELS=1
@@ -12,10 +14,10 @@ OPENSSL_CNF="/etc/ssl/openssl.cnf"
 mkdir -p $CERTS_PATH
 #generate root key pair
-openssl genrsa -out "$CERTS_PATH/root-key.pem" 4096
+$OPENSSL_PATH/openssl genrsa -out "$CERTS_PATH/root-key.pem" 4096
 #generate root self-signed cert
-openssl req -new -x509 -days $DAYS -key "$CERTS_PATH/root-key.pem" -subj "$DN/CN=Root" -out "$CERTS_PATH/root-cert.pem"
+$OPENSSL_PATH/openssl req -new -x509 -days $DAYS -key "$CERTS_PATH/root-key.pem" -subj "$DN/CN=Root" -out "$CERTS_PATH/root-cert.pem"
 cat "$CERTS_PATH/root-cert.pem" > $CHAIN
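Review bot: `OPENSSL_PATH` in the first createCA.sh hunk is hard-coded to `/usr/local/ssl/bin` with no check that a binary exists there, so on a machine where installOpenSSL1.02.sh has not been run every later `$OPENSSL_PATH/openssl` call fails while the script keeps going (no `set -e` is visible in the hunk). I would let the environment override it and fail early: `OPENSSL_PATH="${OPENSSL_PATH:-/usr/local/ssl/bin}"` followed by `[ -x "$OPENSSL_PATH/openssl" ] || { echo "openssl not found in $OPENSSL_PATH" >&2; exit 1; }`. The same two assignment lines are duplicated at the top of createCerts.sh and need the same guard. A comment naming which consumer rejects certificates made by the system OpenSSL would help whoever has to remove the workaround later.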
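Review bot: The key written by `genrsa -out "$CERTS_PATH/root-key.pem"` is unencrypted, and its file mode now depends on the 1.0.2g binary. As far as I recall, OpenSSL only began creating private-key output files owner-only in later releases, so after this change the root key is probably created under the process umask, which is commonly world-readable. Adding `umask 077` before the first `genrsa` call makes the mode independent of the OpenSSL version. The same applies to `ca$i-key.pem` in the loop hunk and `$ID-key.pem` in createCerts.sh. The binary path should also be quoted, `"$OPENSSL_PATH/openssl"`, so a directory containing spaces does not split into two words.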
@@ -30,17 +32,17 @@ for i in `seq 1 $LEVELS`; do
 fi
 #generate key pair
- openssl genrsa -out "$CERTS_PATH/ca$i-key.pem" 4096
+ $OPENSSL_PATH/openssl genrsa -out "$CERTS_PATH/ca$i-key.pem" 4096
 #generate signing request
- openssl req -new -key "$CERTS_PATH/ca$i-key.pem" -subj "$DN/CN=Level$i" -out "$CERTS_PATH/ca$i-csr.pem"
+ $OPENSSL_PATH/openssl req -new -key "$CERTS_PATH/ca$i-key.pem" -subj "$DN/CN=Level$i" -out "$CERTS_PATH/ca$i-csr.pem"
 echo "-------------"
 echo ">>>>>>>>>>>>>>>>>"$SIGNER_CERT
 echo ">>>>>>>>>>>>>>>>>"$SIGNER_KEY
 #sign new cert
- openssl x509 -req -days $DAYS -in "$CERTS_PATH/ca$i-csr.pem" -CA $SIGNER_CERT -CAkey $SIGNER_KEY \
+ $OPENSSL_PATH/openssl x509 -req -days $DAYS -in "$CERTS_PATH/ca$i-csr.pem" -CA $SIGNER_CERT -CAkey $SIGNER_KEY \
 -set_serial $i -out "$CERTS_PATH/ca$i-cert.pem" -extfile $OPENSSL_CNF -extensions v3_ca
 cat "$CERTS_PATH/ca$i-cert.pem" >> $CHAIN
 echo "-------------"
diff --git a/createCerts.sh b/createCerts.sh
index b32add9..7d54a27 100755
--- a/createCerts.sh
+++ b/createCerts.sh
@@ -1,5 +1,6 @@
 #!/bin/sh
-
+#OPENSSL_PATH="/usr/bin" #default install path
+OPENSSL_PATH="/usr/local/ssl/bin" #workaround for dual openssl install
 if test "$#" -ne 1; then
 echo "Error: Wrong parameters --> You must provide the certificate name."
 echo "Please use: ./createCerts.sh 18"
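Review bot: In the loop hunk the intermediate CA is now signed by the 1.0.2g binary, but its extensions still come from `-extfile $OPENSSL_CNF -extensions v3_ca`, and the header of the previous createCA.sh hunk shows `OPENSSL_CNF="/etc/ssl/openssl.cnf"`. That file belongs to the system OpenSSL, not to the local build, so the contents of `v3_ca` (and whether the old binary parses the file cleanly) depend on the distribution release; I would point `OPENSSL_CNF` at a small extension file kept next to the scripts that states the CA constraints explicitly. The signature digest is not pinned either; adding `-sha256` to the `x509 -req` call keeps it from depending on the build's default. The loop body begins and ends outside this hunk.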
@@ -13,11 +14,11 @@ ID=$1
 CERTS_PATH=certs
 #generate key pair
-openssl genrsa -out "$CERTS_PATH/$ID-key.pem" 4096
+$OPENSSL_PATH/openssl genrsa -out "$CERTS_PATH/$ID-key.pem" 4096
 #generate signing request
-openssl req -new -key "$CERTS_PATH/$ID-key.pem" -subj "$DN/CN=$ID" -out "$CERTS_PATH/$ID-csr.pem"
+$OPENSSL_PATH/openssl req -new -key "$CERTS_PATH/$ID-key.pem" -subj "$DN/CN=$ID" -out "$CERTS_PATH/$ID-csr.pem"
 #sign new cert
-openssl x509 -req -days $DAYS -in "$CERTS_PATH/$ID-csr.pem" -CA "$CERTS_PATH/ca1-cert.pem" \
+$OPENSSL_PATH/openssl x509 -req -days $DAYS -in "$CERTS_PATH/$ID-csr.pem" -CA "$CERTS_PATH/ca1-cert.pem" \
 -CAkey "$CERTS_PATH/ca1-key.pem" -set_serial 500 -out "$CERTS_PATH/$ID-cert.pem"
\ No newline at end of file
diff --git a/installOpenSSL1.02.sh b/installOpenSSL1.02.sh
new file mode 100644
index 0000000..249d897
--- /dev/null
+++ b/installOpenSSL1.02.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+cd /usr/local/
+wget https://www.openssl.org/source/openssl-1.0.2g.tar.gz
+tar -xzvf openssl-1.0.2g.tar.gz
+cd openssl-1.0.2g/
+./config
+make install
+
+/usr/local/ssl/bin/openssl version
\ No newline at end of file
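Review bot: Every certificate issued by the `x509 -req` command in the second createCerts.sh hunk gets `-set_serial 500`, so all leaf certificates under ca1 share one issuer/serial pair. That makes revoking a single certificate impossible, and some TLS clients reject a second certificate carrying a serial they have already seen from the same issuer. The serial sits on a context line, but it belongs to the command this hunk rewrites; replacing `-set_serial 500` with `-CAcreateserial` lets OpenSSL keep a serial file beside the CA certificate and hand out a fresh number on each run. `$ID` comes straight from `$1` (see the hunk header) and is used in file names and the subject, so rejecting values containing `/` before this point would also be prudent.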
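Review bot: The tarball fetched by `wget` in installOpenSSL1.02.sh is unpacked and installed without any integrity check, and no step is checked for failure, so a failed `cd /usr/local/` would download and build in whatever directory the script was started from. OpenSSL 1.0.2g is also a 2016 release from a branch that no longer receives public security fixes, so a header comment should say that this binary is only for offline certificate generation and must not be placed ahead of the system one on PATH. I would stop on the first error and verify the archive against a pinned SHA-256 before unpacking; the digest in the sketch below is a placeholder to be filled in from a trusted source.

```shell
#!/bin/sh
set -eu

# Placeholder: pin the published SHA-256 of openssl-1.0.2g.tar.gz here.
EXPECTED_SHA256="<EXPECTED_SHA256>"

cd /usr/local/
wget https://www.openssl.org/source/openssl-1.0.2g.tar.gz
# Refuse to unpack anything that does not match the pinned digest.
echo "$EXPECTED_SHA256  openssl-1.0.2g.tar.gz" | sha256sum -c -
tar -xzf openssl-1.0.2g.tar.gz
cd openssl-1.0.2g/
./config
make
make install
# … unchanged: openssl version check …
```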