生成httpd证书脚本

2023-11-23 18:38:34

[root@cb ~]# cat https.sh 
#!/bin/bash

hostname=192.168.100.1

rm -rf /etc/pki/CA &>/dev/null
mkdir -p /etc/pki/CA/private && cd /etc/pki/CA
yum -y install expect &>/dev/null

#CA生成一对密钥
(umask 077;openssl genrsa -out private/cakey.pem 2048)

#提取公钥
openssl rsa -in private/cakey.pem -pubout

#生成自签署证书
expect << EOF
     set timeout 60
     spawn openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
     expect "letter code"      {send "cn\r"}
     expect "full name"          {send "HB\r"}
     expect "city"                  {send "WH\r"}
     expect "company"          {send "runtime\r"}
     expect "section"                {send "teach\r"}
     expect "hostname"          {send "${hostname}\r"}
     expect "Email"          {send "1@2.com\r"}
     expect "#"
EOF

#读出cacert.pem证书的内容
openssl x509 -text -in cacert.pem
mkdir certs newcerts crl
touch index.txt && echo 01 > serial

#安装httpd
yum -y remove httpd &>/dev/null
yum -y install httpd &>/dev/null
systemctl enable --now httpd &>/dev/null

#httpd服务器生成密钥
cd /etc/httpd && mkdir ssl && cd ssl
(umask 077;openssl genrsa -out httpd.key 2048)

#生成证书签署请求
expect << EOF
     set timeout 60
     spawn openssl req -new -key httpd.key -days 365 -out httpd.csr 
     expect "letter code"         {send "cn\r"}
     expect "full name"           {send "HB\r"}
     expect "city"                {send "WH\r"}
     expect "company"             {send "runtime\r"}
     expect "section"             {send "teach\r"}
     expect "hostname"            {send "${hostname}\r"}
     expect "Email"               {send "1@2.com\r"}
     expect "password"          {send "\r"}
     expect "company name"      {send "\r"}
     expect "#"
EOF

#CA签署客户端提交上来的证书
expect << EOF
     set timeout 60
     spawn openssl ca -in ./httpd.csr -out httpd.crt -days 365
     expect "certificate"        {send "y\r"}
     expect "commit"             {send "y\r"}
     expect "#"
EOF

#修改配置文件
yum -y remove mod_ssl &>/dev/null
yum -y install mod_ssl &>/dev/null
sed -i "s/#DocumentRoot/DocumentRoot/g" /etc/httpd/conf.d/ssl.conf
sed -i "s/#ServerName www.example.com:443/ServerName ${hostname}:443/g"
sed -i "s#/etc/pki/tls/certs/localhost.crt#/etc/httpd/ssl/httpd.crt#g" /etc/httpd/conf.d/ssl.conf
sed -i "s#/etc/pki/tls/private/localhost.key#/etc/httpd/ssl/httpd.key#g" /etc/httpd/conf.d/ssl.conf

#重启httpd
systemctl restart httpd &>/dev/null
ss -antl

[root@cb ~]# ./https.sh
······
State     Recv-Q     Send-Q         Local Address:Port         Peer Address:Port    
LISTEN    0          128                  0.0.0.0:22                0.0.0.0:*       
LISTEN    0          128                        *:443                     *:*       
LISTEN    0          128                        *:80                      *:*       
LISTEN    0          128                     [::]:22                   [::]:*

 

[root@node1 ~]# cat https.sh #!/bin/bash
hostname=192.168.100.1
rm -rf /etc/pki/CA &>/dev/nullmkdir -p /etc/pki/CA/private && cd /etc/pki/CAyum -y install expect &>/dev/null
#CA生成一对密钥(umask 077;openssl genrsa -out private/cakey.pem 2048)
#提取公钥openssl rsa -in private/cakey.pem -pubout
#生成自签署证书expect << EOF     set timeout 60     spawn openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365     expect "letter code"  {send "cn\r"}     expect "full name"  {send "HB\r"}     expect "city"              {send "WH\r"}     expect "company"  {send "runtime\r"}     expect "section"        {send "teach\r"}     expect "hostname"  {send "${hostname}\r"}     expect "Email"  {send "1@2.com\r"}     expect "#"EOF
#读出cacert.pem证书的内容openssl x509 -text -in cacert.pemmkdir certs newcerts crltouch index.txt && echo 01 > serial
#安装httpdyum -y remove httpd &>/dev/nullyum -y install httpd &>/dev/nullsystemctl enable --now httpd &>/dev/null
#httpd服务器生成密钥cd /etc/httpd && mkdir ssl && cd ssl(umask 077;openssl genrsa -out httpd.key 2048)
#生成证书签署请求expect << EOF     set timeout 60     spawn openssl req -new -key httpd.key -days 365 -out httpd.csr      expect "letter code"         {send "cn\r"}     expect "full name"           {send "HB\r"}     expect "city"                {send "WH\r"}     expect "company"             {send "runtime\r"}     expect "section"             {send "teach\r"}     expect "hostname"            {send "${hostname}\r"}     expect "Email"               {send "1@2.com\r"}     expect "password"  {send "\r"}     expect "company name"  {send "\r"}     expect "#"EOF
#CA签署客户端提交上来的证书expect << EOF     set timeout 60     spawn openssl ca -in ./httpd.csr -out httpd.crt -days 365     expect "certificate"        {send "y\r"}     expect "commit"         {send "y\r"}     expect "#"EOF
#修改配置文件yum -y remove mod_ssl &>/dev/nullyum -y install mod_ssl &>/dev/nullsed -i "s/#DocumentRoot/DocumentRoot/g" /etc/httpd/conf.d/ssl.confsed -i "s/#ServerName www.example.com:443/ServerName ${hostname}:443/g"sed -i "s#/etc/pki/tls/certs/localhost.crt#/etc/httpd/ssl/httpd.crt#g" /etc/httpd/conf.d/ssl.confsed -i "s#/etc/pki/tls/private/localhost.key#/etc/httpd/ssl/httpd.key#g" /etc/httpd/conf.d/ssl.conf
#重启httpdsystemctl restart httpd &>/dev/nullss -antl
[root@node1 ~]# ./https.sh······State     Recv-Q     Send-Q         Local Address:Port         Peer Address:Port    LISTEN    0          128                  0.0.0.0:22                0.0.0.0:*       LISTEN    0          128                        *:443                     *:*       LISTEN    0          128                        *:80                      *:*       LISTEN    0          128                     [::]:22                   [::]:* 

生成httpd证书脚本

上一篇:实现discuz 论坛安装


下一篇:webpack打包配置nodejs