ssl认证文件生成


ssl认证文件生成

创建脚本 genkey.sh

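#! /bin/bash
# genkey.sh - issue a TLS server certificate signed by a local CA.
#
# Usage: sh genkey.sh ORG DOMAIN SERVER_IP
#   ORG        organisation name, used as O= in the subject
#   DOMAIN     server DNS name, used as CN= and as subjectAltName DNS.1
#   SERVER_IP  server address, used as subjectAltName IP.1
#
# Reads:  ./v3.ext (extension template), ./ca.crt + ./ca.key when both exist
# Writes: ./ca.key, ./ca.crt (first run only), ./ca.srl, and ./keys/*
#
# Kept POSIX-sh compatible: the page runs it as `sh genkey.sh`, which is dash
# on Ubuntu, so the shebang alone does not guarantee bash.
set -eu

if [ "$#" -ne 3 ]; then
  printf 'Usage: %s ORG DOMAIN SERVER_IP\n' "$0" >&2
  exit 2
fi

org=$1
domain=$2
server_ip=$3

# The three values are interpolated into `-subj` and into v3.ext. Reject
# characters that would change the structure of either ('/' starts a new
# subject attribute, a newline starts a new config line).
nl='
'
case $org in
  '' | */* | *"$nl"*)
    printf 'invalid ORG: must be non-empty, without "/" or newlines\n' >&2
    exit 2
    ;;
esac
case $domain in
  '' | *[!A-Za-z0-9.*-]*)
    printf 'invalid DOMAIN: only letters, digits, ".", "-" and "*" allowed\n' >&2
    exit 2
    ;;
esac
case $server_ip in
  '' | *[!0-9A-Fa-f.:]*)
    printf 'invalid SERVER_IP: expected an IPv4 or IPv6 literal\n' >&2
    exit 2
    ;;
esac

# Fail before touching ./keys if the extension template is missing; without
# it the certificate would be signed with no subjectAltName at all.
if [ ! -f v3.ext ]; then
  printf 'v3.ext not found in %s\n' "$PWD" >&2
  exit 1
fi

# Keep the previous output as keys_<timestamp>. On the first run there is
# nothing to rotate (the original printed "mv: cannot stat 'keys'" here).
if [ -e keys ]; then
  mv -- keys "keys_$(date +"%Y%m%d%H%M%S")"
fi
mkdir keys

subject="/C=CN/ST=HN/L=ZZ/O=${org}/OU=IT/CN=${domain}"

if [ -e ca.crt ] && [ -e ca.key ]; then
  echo "exist ca.crt and ca.key"
else
  echo "ca.crt and ca.key not exists gen it"
  # ca.key is written unencrypted. Anyone who can read it can issue
  # certificates that every client trusting ca.crt will accept, so create it
  # owner-only and keep this directory off shared or backed-up-in-clear hosts.
  (umask 077 && openssl genrsa -out ca.key 2048)
  # NOTE(review): the CA gets the same subject DN as the server certificate.
  # Some verifiers treat issuer == subject as self-signed; consider giving the
  # CA its own CN. Left unchanged here.
  openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt -subj "$subject"
fi

(umask 077 && openssl genrsa -out ./keys/server.key 2048)
openssl req -new -key ./keys/server.key -out ./keys/server.csr -subj "$subject"

# server.key was generated without a passphrase, so this is a second copy of
# the same unencrypted key. Kept because the original produced it.
(umask 077 && openssl rsa -in ./keys/server.key -out ./keys/server.key.unsecure)

# Append the SAN entries to a private copy of the template. Arguments are
# passed as printf data, never as the format string, and the leading newline
# keeps DNS.1 on its own line even if v3.ext lacks a trailing newline.
cp v3.ext ./keys/v3.ext
printf '\nDNS.1 = %s\nIP.1 = %s\n' "$domain" "$server_ip" >>./keys/v3.ext

# NOTE(review): the 3650-day leaf validity is kept from the original; some
# clients cap the lifetime they accept for server certificates. Confirm
# against the clients that must trust this certificate.
openssl x509 -req -in ./keys/server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out ./keys/server.crt -days 3650 -sha256 -extfile ./keys/v3.ext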

创建文件 v3.ext（与 genkey.sh 放在同一目录），解决 Chrome 报 missing_subjectAltName 的问题。脚本会把它复制到 keys/ 下，并在末尾追加 DNS.1 和 IP.1 两行，因此 [alt_names] 必须是文件的最后一节。

# Extension template for the server (leaf) certificate; passed to
# `openssl x509 -req` through -extfile by genkey.sh.

# The issued certificate is an end-entity certificate and cannot sign others.
basicConstraints = CA:FALSE
# Key usages asserted for the server key.
# NOTE(review): no extendedKeyUsage is set; some TLS clients expect
# serverAuth on server certificates. Confirm whether your clients need it.
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# SAN values are read from the [alt_names] section below.
subjectAltName = @alt_names

# Left empty on purpose: genkey.sh appends "DNS.1 = <domain>" and
# "IP.1 = <ip>" to its copy of this file, so this must stay the last section.
[alt_names]


执行命令 sh genkey.sh xxx xxx.cn 192.168.20.122

sh genkey.sh 公司简称 域名 服务器IP

(base) root@ubuntu:/opt/test# sh genkey.sh xxx  xxx.com 192.168.20.122
mv: cannot stat 'keys': No such file or directory
exist ca.crt and ca.key
Generating RSA private key, 2048 bit long modulus (2 primes)
................................................................................+++++
........................................................................................+++++
e is 65537 (0x010001)
writing RSA key
Signature ok
subject=C = CN, ST = HN, L = ZZ, O = xxx, OU = IT, CN = xxx.com
Getting CA Private Key
(base) root@ubuntu:/opt/test# ll
total 32
drwxr-xr-x 3 root root 4096 1116 15:23 ./
drwxr-xr-x 7 root root 4096 1116 15:00 ../
-rw-r--r-- 1 root root 1318 1116 15:19 ca.crt
-rw------- 1 root root 1679 1116 15:19 ca.key
-rw-r--r-- 1 root root   41 1116 15:23 ca.srl
-rw-r--r-- 1 root root  791 1116 15:21 genkey.sh
drwxr-xr-x 2 root root 4096 1116 15:23 keys/
-rw-r--r-- 1 root root  211 1116 15:01 v3.ext
(base) root@ubuntu:/opt/test# ll keys
total 28
drwxr-xr-x 2 root root 4096 1116 15:23 ./
drwxr-xr-x 3 root root 4096 1116 15:23 ../
-rw-r--r-- 1 root root 1289 1116 15:23 server.crt
-rw-r--r-- 1 root root  993 1116 15:23 server.csr
-rw------- 1 root root 1679 1116 15:23 server.key
-rw------- 1 root root 1679 1116 15:23 server.key.unsecure
-rw-r--r-- 1 root root  258 1116 15:23 v3.ext