linux使用openssl工具创建私有CA-师范机会-ChinaUnix博客

tequila

首页　| 　博文目录　| 　关于我

师范机会

博客访问： 41111
博文数量： 18
博客积分： 0
博客等级：民兵
技术积分： 165
用户组：普通用户
注册时间： 2015-05-19 15:23

个人简介

转身撞上猪

文章分类

全部博文（18）

java（1）
linux（11）
dns（1）
shell（1）
weblogic（1）
tcp（2）
linux c编程（1）
未分配的博文（0）

文章存档

2017年（18）

我的朋友

相关博文

linux使用openssl工具创建私有CA

分类： LINUX

2017-11-30 23:32:14

点击(此处)折叠或打开

#!/bin/bash
opensslversion=`/bin/rpm -q openssl`
[ "$?" != "0" ] && echo "openssl is not install." && exit 1
echo "openssl version: $opensslversion"
[ ! -f /etc/pki/tls/openssl.cnf ] && echo "/etc/pki/tls/openssl.cnf not exist." && exit 1
[ -f /etc/pki/tls/openssl.cnf.orig.unique ] && read -p "run again?[y/n]" run_again && [ "$run_again" != "y" ] && exit 1
[ -f /etc/pki/tls/openssl.cnf.orig.unique ] && /bin/cp /etc/pki/tls/openssl.cnf.orig.unique /etc/pki/tls/openssl.cnf || /bin/cp /etc/pki/tls/openssl.cnf /etc/pki/tls/openssl.cnf.orig.unique
[ "$?" != "0" ] && echo "can not cp /etc/pki/tls/openssl.cnf " && exit 1
countryName_default="CN"
stateOrProvinceName_default="GD"
localityName_default="SZ"
organizationName_default="mycompany"
organizationalUnitName_default="Tech"
commonName="ca.my.com"
emailAddress="caadmin@my.com"
#read -p "input default countryName: " countryName_default
#read -p "input default stateOrProvinceName: " stateOrProvinceName_default
#read -p "input default localityName: " localityName_default
#read -p "input default organizationName: " organizationName_default
#read -p "input default organizationalUnitName: " organizationalUnitName_default
#read -p "input commonName: " commonName
#read -p "input emailAddress: " emailAddress
[ -z $countryName_default ] && echo "default countryName no input." && exit 1
[ -z $stateOrProvinceName_default ] && echo "default stateOrProvinceName no input." && exit 1
[ -z $localityName_default ] && echo "default localityName no input." && exit 1
[ -z $organizationName_default ] && echo "default organizationName no input." && exit 1
[ -z $organizationalUnitName_default ] && echo "default organizationalUnitName no input." && exit 1
[ -z $commonName ] && echo "default commonName no input." && exit 1
[ -z $emailAddress ] && echo "default emailAddress no input." && exit 1
/bin/sed -i "s/^countryName_default.*$/countryName_default = $countryName_default/" /etc/pki/tls/openssl.cnf
[ "$?" != "0" ] && echo "fail to modify /etc/pki/tls/openssl.cnf " && exit 1
/bin/sed -i "s/^#stateOrProvinceName_default.*$/stateOrProvinceName_default = $stateOrProvinceName_default/" /etc/pki/tls/openssl.cnf
[ "$?" != "0" ] && echo "fail to modify /etc/pki/tls/openssl.cnf " && exit 1
/bin/sed -i "s/^localityName_default.*$/localityName_default = $localityName_default/" /etc/pki/tls/openssl.cnf
[ "$?" != "0" ] && echo "fail to modify /etc/pki/tls/openssl.cnf " && exit 1
/bin/sed -i "s/^0.organizationName_default.*$/0.organizationName_default = $organizationName_default/" /etc/pki/tls/openssl.cnf
[ "$?" != "0" ] && echo "fail to modify /etc/pki/tls/openssl.cnf " && exit 1
/bin/sed -i "s/^#organizationalUnitName_default.*$/organizationalUnitName_default = $organizationalUnitName_default/" /etc/pki/tls/openssl.cnf
[ "$?" != "0" ] && echo "fail to modify /etc/pki/tls/openssl.cnf " && exit 1
[ ! -d /etc/pki/CA/certs ] && mkdir /etc/pki/CA/certs
[ ! -d /etc/pki/CA/crl ] && mkdir /etc/pki/CA/crl
[ ! -d /etc/pki/CA/newcerts ] && mkdir /etc/pki/CA/newcerts
[ ! -d /etc/pki/CA/private ] && mkdir /etc/pki/CA/private
touch /etc/pki/CA/index.txt
touch /etc/pki/CA/serial
serialfilesize=`ls -l /etc/pki/CA/serial | awk '{print $5}'`
[ "$serialfilesize" == "0" ] && echo "01" >/etc/pki/CA/serial
[ ! -f /etc/pki/CA/private/cakey.pem.orig.unique ] && /bin/cp /etc/pki/CA/private/cakey.pem /etc/pki/CA/private/cakey.pem.orig.unique
[ ! -f /etc/pki/CA/cacert.pem.orig.unique ] && /bin/cp /etc/pki/CA/cacert.pem /etc/pki/CA/cacert.pem.orig.unique
/usr/bin/openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048 1>/dev/null 2>&1
/bin/echo -e "\n\n\n\n\n$commonName\n$emailAddress\n" | /usr/bin/openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem 1>/dev/null 2>&1
echo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
echo "The CA certificate: "
ls -l /etc/pki/CA/cacert.pem
echo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
/usr/bin/openssl x509 -in /etc/pki/CA/cacert.pem -text

阅读(1428) | 评论(0) | 转发(0) |

上一篇：?Linux开机启动流程

下一篇：没有了

给主人留下些什么吧！~~

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6