概述
证书脚本
PROJECT_NAME="TLS Project"
# Generate the openssl configuration files.
cat > ca_cert.conf << EOF
[ req ]
distinguished_name
= req_distinguished_name
prompt
= no
[ req_distinguished_name ]
O
= $PROJECT_NAME Dodgy Certificate Authority
EOF
cat > server_cert.conf << EOF
[ req ]
distinguished_name
= req_distinguished_name
prompt
= no
[ req_distinguished_name ]
O
= $PROJECT_NAME
CN
= 172.16.39.197
EOF
cat > client_cert.conf << EOF
[ req ]
distinguished_name
= req_distinguished_name
prompt
= no
[ req_distinguished_name ]
O
= $PROJECT_NAME Device Certificate
CN
= 172.16.39.197
EOF
mkdir ca
mkdir server
mkdir client
mkdir certDER
# private key generation
openssl genrsa -out ca.key 2048
openssl genrsa -out server.key 2048
openssl genrsa -out client.key 2048
# cert requests
openssl req -out ca.req -key ca.key -new
-config ./ca_cert.conf
openssl req -out server.req -key server.key -new
-config ./server_cert.conf
openssl req -out client.req -key client.key -new
-config ./client_cert.conf
# generate the actual certs.
openssl x509 -req -in ca.req -out ca.crt
-sha256 -days 5000 -signkey ca.key
openssl x509 -req -in server.req -out server.crt
-sha256 -CAcreateserial -days 5000
-CA ca.crt -CAkey ca.key
openssl x509 -req -in client.req -out client.crt
-sha256 -CAcreateserial -days 5000
-CA ca.crt -CAkey ca.key
openssl x509 -in ca.crt -outform DER -out ca.der
openssl x509 -in server.crt -outform DER -out server.der
openssl x509 -in client.crt -outform DER -out client.der
mv ca.crt ca.key ca/
mv server.crt server.key server/
mv client.crt client.key client/
mv ca.der server.der client.der certDER/
rm *.conf
rm *.req
rm *.srl 生成证书
复制内容取名为key.sh执行./key.sh
所生成的证书在当前目录下的certDER目录下
可修改脚本生成不同类型证书,该脚本签名使用sha256,密钥为rsa算法
最后
以上就是殷勤音响为你收集整理的openssl 一键创建自签证书的全部内容,希望文章能够帮你解决openssl 一键创建自签证书所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复