#!/bin/bash
COUNTRY=CN
PROVINCE=jiangsu
CITY=Suzhou
ORGANIZATION=Test
GROUP=Devops
HOST=test.com
SUBJ="/C=$COUNTRY/ST=$PROVINCE/L=$CITY/O=$ORGANIZATION/OU=$GROUP/CN=$HOST"
#============================================#
# 签发根证书 #
#============================================#
openssl genrsa -out my_root_ca.key 2048
faketime '1970-01-01 00:00:00' /bin/bash -c "openssl req -x509 -new -nodes -key my_root_ca.key -sha256 -days 365000 -out my_root_ca.pem -subj $SUBJ"
#============================================#
# 用根证书签发server端证书 #
#============================================#
openssl genrsa -out emqx.key 2048
cat <<EOF >openssl.cnf
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = CN
stateOrProvinceName = jinagsu
localityName = suz
organizationName = devops
commonName = dreame.com
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
IP.1 = 127.0.0.1
DNS.1 = dreame.com
DNS.2 = $HOST
DNS.3 = *.com
EOF
openssl req -new -key ./emqx.key -config openssl.cnf -out emqx.csr
faketime '1970-01-01 00:00:00' /bin/bash -c 'openssl x509 -req -in ./emqx.csr -CA my_root_ca.pem -CAkey my_root_ca.key -CAcreateserial -out emqx.pem -days 365000 -sha256 -extensions v3_req -extfile openssl.cnf'
#============================================#
# 用根证书签发client端证书 #
#============================================#
openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr -subj "/C=CN/ST=Zhejiang/L=Hangzhou/O=EMQX/CN=client"
faketime '1970-01-01 00:00:00' /bin/bash -c 'openssl x509 -req -days 365000 -in client.csr -CA my_root_ca.pem -CAkey my_root_ca.key -CAcreateserial -out client.pem'
08-04
2380
2380
03-02
5418
5418
06-01
“相关推荐”对你有帮助么?
-
非常没帮助 -
没帮助 -
一般 -
有帮助 -
非常有帮助
提交
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
