sergiu/linx-simulator2
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

workaround for certs newer ubuntu >18

Browse Source
This commit is contained in:
bmamihai 2023-03-28 23:04:56 +03:00
parent 6e5361e085
commit 7f1fb02af1
3 changed files with 22 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
createCA.sh
View File

@ -1,4 +1,6 @@
#!/bin/sh #!/bin/sh
#OPENSSL_PATH="/usr/bin" #default install path
OPENSSL_PATH="/usr/local/ssl/bin" #workaround for dual openssl install
DAYS=$((10*365)) DAYS=$((10*365))
LEVELS=1 LEVELS=1
@ -12,10 +14,10 @@ OPENSSL_CNF="/etc/ssl/openssl.cnf"
mkdir -p $CERTS_PATH mkdir -p $CERTS_PATH
#generate root key pair #generate root key pair
openssl genrsa -out "$CERTS_PATH/root-key.pem" 4096 $OPENSSL_PATH/openssl genrsa -out "$CERTS_PATH/root-key.pem" 4096
#generate root self-signed cert #generate root self-signed cert
openssl req -new -x509 -days $DAYS -key "$CERTS_PATH/root-key.pem" -subj "$DN/CN=Root" -out "$CERTS_PATH/root-cert.pem" $OPENSSL_PATH/openssl req -new -x509 -days $DAYS -key "$CERTS_PATH/root-key.pem" -subj "$DN/CN=Root" -out "$CERTS_PATH/root-cert.pem"
cat "$CERTS_PATH/root-cert.pem" > $CHAIN cat "$CERTS_PATH/root-cert.pem" > $CHAIN
@ -30,17 +32,17 @@ for i in `seq 1 $LEVELS`; do
fi fi
#generate key pair #generate key pair
openssl genrsa -out "$CERTS_PATH/ca$i-key.pem" 4096 $OPENSSL_PATH/openssl genrsa -out "$CERTS_PATH/ca$i-key.pem" 4096
#generate signing request #generate signing request
openssl req -new -key "$CERTS_PATH/ca$i-key.pem" -subj "$DN/CN=Level$i" -out "$CERTS_PATH/ca$i-csr.pem" $OPENSSL_PATH/openssl req -new -key "$CERTS_PATH/ca$i-key.pem" -subj "$DN/CN=Level$i" -out "$CERTS_PATH/ca$i-csr.pem"
echo "-------------" echo "-------------"
echo ">>>>>>>>>>>>>>>>>"$SIGNER_CERT echo ">>>>>>>>>>>>>>>>>"$SIGNER_CERT
echo ">>>>>>>>>>>>>>>>>"$SIGNER_KEY echo ">>>>>>>>>>>>>>>>>"$SIGNER_KEY
#sign new cert #sign new cert
openssl x509 -req -days $DAYS -in "$CERTS_PATH/ca$i-csr.pem" -CA $SIGNER_CERT -CAkey $SIGNER_KEY \ $OPENSSL_PATH/openssl x509 -req -days $DAYS -in "$CERTS_PATH/ca$i-csr.pem" -CA $SIGNER_CERT -CAkey $SIGNER_KEY \
-set_serial $i -out "$CERTS_PATH/ca$i-cert.pem" -extfile $OPENSSL_CNF -extensions v3_ca -set_serial $i -out "$CERTS_PATH/ca$i-cert.pem" -extfile $OPENSSL_CNF -extensions v3_ca
cat "$CERTS_PATH/ca$i-cert.pem" >> $CHAIN cat "$CERTS_PATH/ca$i-cert.pem" >> $CHAIN
echo "-------------" echo "-------------"

9
createCerts.sh
View File

@ -1,5 +1,6 @@
#!/bin/sh #!/bin/sh
#OPENSSL_PATH="/usr/bin" #default install path
OPENSSL_PATH="/usr/local/ssl/bin" #workaround for dual openssl install
if test "$#" -ne 1; then if test "$#" -ne 1; then
echo "Error: Wrong parameters --> You must provide the certificate name." echo "Error: Wrong parameters --> You must provide the certificate name."
echo "Please use: ./createCerts.sh 18" echo "Please use: ./createCerts.sh 18"
@ -13,11 +14,11 @@ ID=$1
CERTS_PATH=certs CERTS_PATH=certs
#generate key pair #generate key pair
openssl genrsa -out "$CERTS_PATH/$ID-key.pem" 4096 $OPENSSL_PATH/openssl genrsa -out "$CERTS_PATH/$ID-key.pem" 4096
#generate signing request #generate signing request
openssl req -new -key "$CERTS_PATH/$ID-key.pem" -subj "$DN/CN=$ID" -out "$CERTS_PATH/$ID-csr.pem" $OPENSSL_PATH/openssl req -new -key "$CERTS_PATH/$ID-key.pem" -subj "$DN/CN=$ID" -out "$CERTS_PATH/$ID-csr.pem"
#sign new cert #sign new cert
openssl x509 -req -days $DAYS -in "$CERTS_PATH/$ID-csr.pem" -CA "$CERTS_PATH/ca1-cert.pem" \ $OPENSSL_PATH/openssl x509 -req -days $DAYS -in "$CERTS_PATH/$ID-csr.pem" -CA "$CERTS_PATH/ca1-cert.pem" \
-CAkey "$CERTS_PATH/ca1-key.pem" -set_serial 500 -out "$CERTS_PATH/$ID-cert.pem" -CAkey "$CERTS_PATH/ca1-key.pem" -set_serial 500 -out "$CERTS_PATH/$ID-cert.pem"

10
installOpenSSL1.02.sh Normal file
View File

@ -0,0 +1,10 @@
#!/bin/sh
cd /usr/local/
wget https://www.openssl.org/source/openssl-1.0.2g.tar.gz
tar -xzvf openssl-1.0.2g.tar.gz
cd openssl-1.0.2g/
./config
make install
/usr/local/ssl/bin/openssl version