生成证书

. /etc/init.d/functions
declare -A CT
CT=( [sub0]="/O=kin/CN=ca.kin.com" \
[keyfile0]="cakey.pem" \
[crtfile0]="cacert.pem" \
[key0]=2048 \
[exp0]=3650 \
[serial0]=0 \
[sub1]="/C=CN/ST=hubei/L=xiangyang/O=wolong/CN=master.wolong.com" \
[keyfile1]="master.key" \
[crtfile1]="master.crt" \
[key1]=2048 \
[exp1]=365
[serial1]=1 \
[csrfile1]="master.csr" \
[sub2]="/C=CN/ST=hubei/L=xiangyang/O=wolong/CN=slave.wolong.com" \
[keyfile2]="slave.key" \
[crtfile2]="slave.crt" \
[key2]=2048 \
[exp2]=365 \
[serial2]=2 \
[csrfile2]="slave.csr" )

COLOR="echo -e \E[1;32m"
END="\E[0m"
DIR=/crt
cd $DIR

for i in {0..2};do
if [ $i -eq 0 ] ;then
openssl req -x509 -newkey rsa:${CT[key${i}]} -subj ${CT[sub${i}]} \
-set_serial ${CT[serial${i}]} -keyout ${CT[keyfile${i}]} -nodes \
-days ${CT[exp${i}]} -out ${CT[crtfile${i}]} &>/dev/null

else 
    openssl req -newkey rsa:${CT[key${i}]} -nodes -subj ${CT[sub${i}]}         -keyout ${CT[keyfile${i}]}   -out ${CT[csrfile${i}]} &>/dev/null

    openssl x509 -req -in ${CT[csrfile${i}]}  -CA ${CT[crtfile0]}     -CAkey ${CT[keyfile0]}  -set_serial ${CT[serial${i}]}      -days ${CT[exp${i}]} -out ${CT[crtfile${i}]} &>/dev/null
fi
$COLOR"**************************************生成证书信息**************************************"$END
openssl x509 -in ${CT[crtfile${i}]} -noout -subject -dates -serial
echo 

done
chmod 600 *.key
action "证书生成完成"
$COLOR"**生成证书文件如下**"$END
echo "证书存放目录: "$DIR
echo "证书文件列表: "ls $DIR