标签:INFO CN 证书 s1 一键 raymonds CERT key ca
一键自动颁发证书脚本
[root@rocky8 ~]# cat certificate.sh
#!/bin/bash
#
#**********************************************************************************************
#Author: Raymond
#QQ: 88563128
#Date: 2021-11-16
#FileName: certificate.sh
#URL: raymond.blog.csdn.net
#Description: The test script
#Copyright (C): 2021 All rights reserved
#*********************************************************************************************
CA_SUBJECT="/O=raymonds/CN=ca.raymonds.cc"
CA_EXPIRE=3650
SUBJECT="/C=CN/ST=Shaanxi/L=xi'an/O=raymonds/CN=*.raymonds.cc"
SERIAL=01
EXPIRE=365
FILE=httpd
openssl req -x509 -newkey rsa:2048 -subj ${CA_SUBJECT} -keyout ca.key -nodes -days ${CA_EXPIRE} -out ca.crt
openssl req -newkey rsa:2048 -nodes -keyout ${FILE}.key -subj ${SUBJECT} -out ${FILE}.csr
openssl x509 -req -in ${FILE}.csr -CA ca.crt -CAkey ca.key -set_serial ${SERIAL} -days ${EXPIRE} -out ${FILE}.crt
chmod 600 ${FILE}.key ca.key
[root@rocky8 ~]# cat certificate2.sh
#!/bin/bash
#
#**********************************************************************************************
#Author: Raymond
#QQ: 88563128
#Date: 2021-11-19
#FileName: certificate2.sh
#URL: raymond.blog.csdn.net
#Description: The test script
#Copyright (C): 2021 All rights reserved
#*********************************************************************************************
#证书存放目录
DIR=/data
#每个证书信息
declare -A CERT_INFO
CERT_INFO=([subject0]="/O=raymond/CN=ca.raymonds.cc" \
[keyfile0]="cakey.pem" \
[crtfile0]="cacert.pem" \
[key0]=2048 \
[expire0]=3650 \
[serial0]=0 \
[subject1]="/C=CN/ST=shaanxi/L=xi'an/O=it/CN=master.raymonds.cc" \
[keyfile1]="master.key" \
[crtfile1]="master.crt" \
[key1]=2048 \
[expire1]=365
[serial1]=1 \
[csrfile1]="master.csr" \
[subject2]="/C=CN/ST=shaanxi/L=xi'an/O=sales/CN=slave.raymonds.cc" \
[keyfile2]="slave.key" \
[crtfile2]="slave.crt" \
[key2]=2048 \
[expire2]=365 \
[serial2]=2 \
[csrfile2]="slave.csr" )
COLOR="echo -e \\E[1;32m"
END="\\E[0m"
#证书编号最大值
N=`echo ${!CERT_INFO[*]} |grep -o subject|wc -l`
cd $DIR
for((i=0;i<N;i++));do
if [ $i -eq 0 ] ;then
openssl req -x509 -newkey rsa:${CERT_INFO[key${i}]} -subj ${CERT_INFO[subject${i}]} \
-set_serial ${CERT_INFO[serial${i}]} -keyout ${CERT_INFO[keyfile${i}]} -nodes \
-days ${CERT_INFO[expire${i}]} -out ${CERT_INFO[crtfile${i}]} &>/dev/null
else
openssl req -newkey rsa:${CERT_INFO[key${i}]} -nodes -subj ${CERT_INFO[subject${i}]} \
-keyout ${CERT_INFO[keyfile${i}]} -out ${CERT_INFO[csrfile${i}]} &>/dev/null
openssl x509 -req -in ${CERT_INFO[csrfile${i}]} -CA ${CERT_INFO[crtfile0]} \
-CAkey ${CERT_INFO[keyfile0]} -set_serial ${CERT_INFO[serial${i}]} \
-days ${CERT_INFO[expire${i}]} -out ${CERT_INFO[crtfile${i}]} &>/dev/null
fi
$COLOR"**************************************生成证书信息**************************************"$END
openssl x509 -in ${CERT_INFO[crtfile${i}]} -noout -subject -dates -serial
echo
done
chmod 600 *.key
echo "证书生成完成"
$COLOR"**************************************生成证书文件如下**************************************"$END
echo "证书存放目录: "$DIR
echo "证书文件列表: "`ls $DIR`
标签:INFO,CN,证书,s1,一键,raymonds,CERT,key,ca 来源: https://blog.csdn.net/qq_25599925/article/details/121527651
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。