自动生成SSL证书的脚本
文章目录
基于Lnux系统下的
openssl
和jdk
keytool
工具
1. 脚本和配置
1.1 生成https证书脚本
#! /bin/bash
FILE_PREFIX=tls
RSA_BITS_NUM=2048
VALID_DAYS=3650
PASS_RSA=jeasoon
PASS_P12=jeasoon
PASS_JKS=jeasoon
CRT_ALIAS=jeasoon
CRT_COUNTRY_NAME=CN
CRT_PROVINCE_NAME=Beijing
CRT_CITY_NAME=Beijing
CRT_ORGANIZATION_NAME=jeasoon
CRT_ORGANIZATION_UNIT_NAME=jeasoon
CRT_DOMAIN=*.jeasoon.com
CRT_EMAIL=jeasoon@jeasoon.com
CRT_EXTRA_CHALLENGE_PASSWD=jeasoon
CRT_EXTRA_OPTINAL_COMPANY_NAME=Jeasoon
# 2.1 生成私钥
echo -e "\n----------------------------------------------------------\n生成私钥\n"
openssl genrsa -des3 -passout pass:$PASS_RSA -out $FILE_PREFIX.pem $RSA_BITS_NUM
# 2.2 除去密码口令
echo -e "\n----------------------------------------------------------\n除去密码口令\n"
openssl rsa -in $FILE_PREFIX.pem -out $FILE_PREFIX.key -passin pass:$PASS_RSA
# 2.3 生成证书请求
echo -e "\n----------------------------------------------------------\n生成证书请求\n"
openssl req -new -days $VALID_DAYS -key $FILE_PREFIX.key -out $FILE_PREFIX.csr << EOF
$CRT_COUNTRY_NAME
$CRT_PROVINCE_NAME
$CRT_CITY_NAME