自带CA ，sha256 哈希签名，2048 位加密 脚本，通用

标签：自带ca   sha256 哈希签名   2048 位加密 脚本   

直接上代码

mkdir ssl

cd ssl

mkdir demoCA

cd demoCA

mkdir newcerts

mkdir private

touch index.txt

echo ‘01‘ > serial

function rand(){  

    min=$1  

    max=$(($2-$min+1))  

    num=$(date +%s%N)  

    echo $(($num%$max+$min))  

}  

rnd=$(rand 10 50)  

echo $rnd

touch /etc/pki/CA/index.txt 

echo $rnd   > /etc/pki/CA/serial    

CASUBJECT="/C=CN/ST=CA/L=CA/O=CA/OU=CA/CN=CA.COM"

openssl genrsa -out ca.key 2048

openssl req -new -x509   -subj $CASUBJECT  -days 3650 -key ca.key -out ca.crt

cd ..

read -p "Enter your domain [www.example.com]: " DOMAIN

SUBJECT="/C=CN/ST=Mars/L=51jubao/O=51jubao/OU=51jubao/CN=$DOMAIN"

openssl genrsa -out  $DOMAIN.key  2048

openssl req -new   -subj $SUBJECT -key $DOMAIN.key -out $DOMAIN.csr

#openssl ca    -days 1460 -in $DOMAIN.csr -out $DOMAIN.crt -cert /root/ssl/demoCA/ca.crt -keyfile /root/ssl/demoCA/ca.key

openssl x509 -req   -sha256   -days  1460 -in $DOMAIN.csr   -CA /root/ssl/demoCA/ca.crt  -CAkey /root/ssl/demoCA/ca.key  -CAcreateserial -out $DOMAIN.crt 

mkdir -p  /usr/local/nginx/ssl

echo "TODO:"

echo "Copy $DOMAIN.crt to /usr/local/nginx/ssl/$DOMAIN.crt"

echo "Copy $DOMAIN.key to /usr/local/nginx/ssl/$DOMAIN.key"

echo "Add configuration in nginx:"

echo "server {"

echo "    ..."

echo "    listen 443 ssl;"

echo "    ssl_certificate     /usr/local/nginx/ssl/$DOMAIN.crt;"

echo "    ssl_certificate_key /usr/local/nginx/ssl/$DOMAIN.key;"

echo "}"

#cp  $DOMAIN.crt  /usr/local/nginx/ssl/

#cp  $DOMAIN.key   /usr/local/nginx/ssl

本文出自 “好先生2020” 博客，请务必保留此出处http://fuyuan2016.blog.51cto.com/8678344/1887474

自带CA ，sha256 哈希签名，2048 位加密 脚本，通用

标签：自带ca   sha256 哈希签名   2048 位加密 脚本   

原文地址：http://fuyuan2016.blog.51cto.com/8678344/1887474