#!/bin/bash
sed -i 's@../../CA@/etc/pki/CA@g' /etc/pki/tls/openssl.cnf
cd /etc/pki/CA
openssl genrsa 1024 > private/cakey.pem
echo "CN
HN
ZZ
Linux
Tech
www.ca.com
ca@fan.com" | openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650
mkdir certs newcerts crL
touch index.txt serial
echo 01 > serial
read -p "Please input your service:" SERVICE
mkdir -pv /etc/$SERVICE/ssl
cd /etc/$SERVICE/ssl
openssl genrsa 1024 > $SERVICE.key
echo "
CN
HN
ZZ
Linux
Tech
www.a.com
a@fan.com" |openssl req -new -key $SERVICE.key -out $SERVICE.csr
openssl ca -in $SERVICE.csr -out $SERVICE.crt -days 3650
rm -rf $SERVICE.csr
cp /etc/pki/CA/cacert.pem .
chmod 600 ./*
转载于:https://blog.51cto.com/chenxizhuimeng/498566
197
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
