shell实现一键证书申请和颁发脚本

2023-08-13 09:35:58

[root@centos8 data]#cat certificate.sh

#********************************************************************
#Author: zhangtianze
#QQ: 1185673631
#Date: 2020-08-07
#FileName: certificate.sh
#Copyright (C): 2020 All rights reserved
#********************************************************************
CA_SUBJECT="/O=heaven/CN=ca.god.com"
SUBJECT="/C=CN/ST=hubei/L=wuhan/O=Central.Hospital/CN=master.liwenliang.org"
SUBJECT2="/C=CN/ST=hubei/L=wuhan/O=Central.Hospital/CN=slave.liwenliang.org"
KEY_SIZE=2048 #此值不能使用1024
SERIAL=34
SERIAL2=35



CA_EXPIRE=202002
EXPIRE=365
FILE=master
FILE2=slave




#生成自签名的CA证书
openssl req  -x509 -newkey rsa:${KEY_SIZE} -subj $CA_SUBJECT -keyout cakey.pem -nodes -days $CA_EXPIRE -out cacert.pem




#第一个证书


#生成私钥和证书申请
openssl req -newkey rsa:${KEY_SIZE} -nodes -keyout ${FILE}.key  -subj $SUBJECT -out ${FILE}.csr
#颁发证书
openssl x509 -req -in ${FILE}.csr  -CA cacert.pem  -CAkey cakey.pem  -set_serial $SERIAL  -days $EXPIRE -out ${FILE}.crt




#第二个证书
openssl req -newkey rsa:${KEY_SIZE}  -nodes -keyout ${FILE2}.key  -subj $SUBJECT2 -out ${FILE2}.csr
openssl x509 -req -in ${FILE2}.csr  -CA cacert.pem  -CAkey cakey.pem  -set_serial $SERIAL2  -days $EXPIRE -out ${FILE2}.crt




chmod 600 *.key


 


 

上一篇:Ubuntu通过node.js搭建https服务demo(附Error: 0906D06C:PEM routines:PEM_read_bio:no start line解决过程及腾讯云证书申请过程)

下一篇:RSA算法---公钥密钥对生成方法