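#!/bin/bash
#
# Builds a demo PKI under ./ca with OpenSSL:
#   1. recreates the CA directory tree (index.txt, serial, private/, certs/ ...)
#   2. generates a passphrase-protected root key and a self-signed root certificate
#   3. generates server and client keys, CSRs and CA-signed certificates
#   4. exports each key pair as PKCS#12 and bundles all certificates as PKCS#7
#
# The script is interactive: openssl prompts for key passphrases, PKCS#12
# export passwords and (for the non -batch `openssl ca` calls) confirmation.
#
# NOTE(review): `openssl ca` reads its database locations from the active
# openssl.cnf; this script presumably expects [CA_default] dir to point at
# ./ca (index.txt, serial, newcerts) - confirm against the config in use.

# Stop at the first failed step: every later step depends on the files
# produced by the earlier ones.
set -euo pipefail

ca_path=ca
certs_path=$ca_path/certs
newcerts_path=$ca_path/newcerts
private_path=$ca_path/private
crl_path=$ca_path/crl

# Print one progress line to stdout.
say() {
  printf '%s\n' "$*"
}

# Wipe and recreate the CA directory tree and its bookkeeping files.
init_ca_dirs() {
  say 移除CA根目录
  # :? aborts instead of expanding to an empty path if ca_path is ever unset.
  rm -rf -- "${ca_path:?}"
  say 构建CA根目录
  mkdir -- "$ca_path"
  say 构建子目录
  # The sub-directories must live under $ca_path; bare `mkdir certs` would
  # create them in the current directory and every later step would fail.
  mkdir -- "$certs_path" "$newcerts_path" "$private_path" "$crl_path"
  # Private keys are written here; keep the directory owner-only.
  chmod 700 -- "$private_path"
  # Certificate database and first serial number for `openssl ca`.
  touch -- "$ca_path/index.txt"
  echo 01 > "$ca_path/serial"
  echo
  # Random seed file; no later command in this script references it.
  openssl rand -out "$private_path/.rand" 1000
  echo
}

# Generate a passphrase-protected RSA key and display it.
# Arguments: $1 - output key file
make_key() {
  local key=$1
  # 2048 bits for every key (1024-bit RSA is no longer considered adequate);
  # AES-256 instead of 3DES for the passphrase encryption of the key file.
  openssl genrsa -aes256 -out "$key" 2048
  echo
  say 查看私钥信息
  # Prints the full private key (private exponent and primes) to stdout:
  # do not run this step with output captured to a log or shared terminal.
  openssl rsa -noout -text -in "$key"
  echo
}

# Create the root key, its CSR, the self-signed root certificate and ca.p12.
build_root_ca() {
  local key=$private_path/ca.pem
  local csr=$certs_path/ca.csr
  local crt=$certs_path/ca.crt

  say 生成根证书私钥
  make_key "$key"
  say 生成根证书请求
  openssl req -new -key "$key" -out "$csr" \
    -subj "/C=CN/ST=BJ/L=BJ/O=zlex/OU=zlex/CN=ca.zlex.org"
  echo
  say 查看证书请求
  openssl req -in "$csr" -text -noout
  echo
  say 签发根证书
  # -md sha256 pins the signature digest instead of inheriting default_md
  # from openssl.cnf. -infiles must stay the last option.
  openssl ca -create_serial -out "$crt" -days 3650 -batch -md sha256 \
    -keyfile "$key" -selfsign -extensions v3_ca -infiles "$csr"
  # Alternative without the CA database (left disabled, as in the original,
  # with the digest raised from -sha1 to -sha256):
  #openssl x509 -req -sha256 -extensions v3_ca -signkey $private_path/ca.pem -in $certs_path/ca.csr -out $certs_path/ca.crt -days 3650
  echo
  say 查看证书详情
  openssl x509 -in "$crt" -text -noout
  echo
  say 证书转换——根证书
  # ca.p12 contains the CA private key, protected only by the export
  # password entered at the prompt; treat it like the key itself.
  openssl pkcs12 -export -clcerts -in "$crt" -inkey "$key" \
    -out "$certs_path/ca.p12"
  echo
}

# Create key, CSR, CA-signed certificate and PKCS#12 bundle for one entity.
# Arguments: $1 - file stem (server / client)
#            $2 - label used in the progress messages
#            $3 - certificate subject
issue_leaf() {
  local name=$1 label=$2 subject=$3
  local key=$private_path/$name.pem
  local csr=$certs_path/$name.csr
  local crt=$certs_path/$name.crt

  say "生成${label}私钥"
  make_key "$key"
  say "生成${label}证书请求"
  # The request carries only a subject CN and no subjectAltName; current TLS
  # clients match host names against subjectAltName, so a server certificate
  # issued from it may be rejected by them.
  openssl req -new -key "$key" -out "$csr" -subj "$subject"
  echo
  say 查看证书请求
  openssl req -in "$csr" -text -noout
  echo
  say "签发${label}证书"
  openssl ca -in "$csr" -out "$crt" -cert "$certs_path/ca.crt" \
    -keyfile "$private_path/ca.pem" -days 365 -notext -md sha256
  # Alternative without the CA database (left disabled, as in the original,
  # which used -sha1 and -extensions v3_req for the server, dir_sect for the
  # client, plus -CAcreateserial for the server only):
  #openssl x509 -req -days 365 -sha256 -extensions v3_req -CA $certs_path/ca.crt -CAkey $private_path/ca.pem -CAserial $ca_path/serial -in $certs_path/$name.csr -out $certs_path/$name.crt
  echo
  say 查看证书详情
  openssl x509 -in "$crt" -text -noout
  echo
  say "证书转换——${label}"
  openssl pkcs12 -export -clcerts -in "$crt" -inkey "$key" \
    -out "$certs_path/$name.p12"
  echo
}

# Bundle the server, CA and client certificates into one PKCS#7 file.
build_chain() {
  say '生成证书链PKCS#7'
  # The original split "-outform" across two lines ("-out" / "form PEM"),
  # which leaves -out without an argument and runs "form" as a command.
  openssl crl2pkcs7 -nocrl \
    -certfile "$certs_path/server.crt" \
    -certfile "$certs_path/ca.crt" \
    -certfile "$certs_path/client.crt" \
    -outform PEM -out "$certs_path/zlex.p7b"
  echo
  say 查看证书链
  openssl pkcs7 -in "$certs_path/zlex.p7b" -print_certs -noout
}

main() {
  init_ca_dirs
  build_root_ca
  issue_leaf server 服务器端 "/C=CN/ST=BJ/L=BJ/O=zlex/OU=zlex/CN=www.zlex.org"
  # The original generated the client key twice in a row (copy-paste
  # duplicate, the second run overwrote the first); it is generated once here.
  issue_leaf client 客户端 "/C=CN/ST=BJ/L=BJ/O=zlex/OU=zlex/CN=zlex"
  build_chain
}

main "$@"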
这个脚本就是最重要的结晶了!
执行结果如下。注意“查看私钥信息”一步会把私钥的全部分量(privateExponent、prime1、prime2 等)打印到终端,实际环境中不要保存或公开这部分输出:
引用
生成根证书私钥
Generating RSA private key, 2048 bit long modulus
..................................+++
.............................................................+++
e is 65537 (0x10001)
Enter pass phrase for ca/private/ca.pem:
Verifying - Enter pass phrase for ca/private/ca.pem:
查看私钥信息
Enter pass phrase for ca/private/ca.pem:
Private-Key: (2048 bit)
modulus:
00:d4:18:ab:5f:ad:b7:d0:09:d4:68:63:b5:db:8a:
d1:a1:db:7e:f3:bb:bb:c2:be:a7:35:17:9e:bb:20:
d3:1f:ed:63:e7:7d:29:6d:d2:7c:60:06:47:53:a6:
23:b0:bd:94:65:3f:57:1e:00:51:f3:a1:9a:1b:83:
14:a5:53:72:86:21:a2:57:22:2f:6a:a9:46:50:8c:
f0:51:cf:e6:83:5b:23:dc:f9:ea:6c:2e:51:20:61:
d1:84:9f:28:e8:01:89:b5:cb:55:68:4a:11:b1:06:
56:31:21:16:c8:ac:2b:68:31:e1:de:12:d3:21:12:
83:36:4c:ca:a8:b5:7e:b9:a7:63:4e:8e:e0:79:0f:
0e:91:36:28:7c:dd:9a:e2:e0:98:8b:91:7f:09:7d:
20:bb:37:f2:ab:aa:f0:ef:ae:68:7e:db:ca:db:33:
84:48:5a:e3:ff:0b:08:0e:96:6d:01:c8:12:35:ec:
9f:31:55:7f:53:7e:bd:fb:c4:16:b8:1f:17:29:42:
0f:0e:04:57:14:18:fd:e5:d6:3f:40:04:cd:85:dd:
d3:eb:2f:9a:bf:3c:8a:60:01:88:2f:43:0a:8b:bb:
50:13:f8:cc:68:f9:10:eb:f9:7e:63:de:62:55:32:
a8:fe:ce:51:67:79:c9:a6:3b:a3:c9:d7:81:7c:48:
f3:d1
publicExponent: 65537 (0x10001)
privateExponent:
00:b0:8a:e4:43:1c:df:6e:bc:6f:e0:80:76:c4:8a:
75:5a:0b:d1:4d:61:cb:b5:1b:6b:24:c7:47:69:ad:
b5:ee:d2:73:a1:21:4e:95:ca:69:9a:a8:3f:40:c2:
7e:dc:c3:c0:bc:d2:0f:5a:ba:9b:7c:76:dc:46:e0:
42:14:27:34:a1:af:67:68:ad:dc:d8:24:94:91:c1:
ee:db:ba:78:be:87:e3:7f:31:4b:4e:c6:f2:e2:48:
69:d4:c1:82:94:33:8b:84:15:ff:3e:72:c0:ed:20:
40:28:5e:c9:8f:39:b8:5b:df:81:89:8f:13:cc:68:
93:6d:64:58:20:3c:0a:82:ce:ec:2f:9b:b2:9d:ca:
e7:19:22:98:29:6e:7c:4d:85:45:17:50:8f:5d:b1:
45:be:42:af:1a:7f:84:26:b4:5d:a6:22:8a:07:e8:
b3:b4:5a:59:45:20:b5:ef:1c:81:25:9e:73:74:04:
d6:57:30:2c:a7:25:50:7c:d7:87:73:b3:d0:c2:8b:
c9:02:8e:15:9e:40:41:a5:7a:a9:d8:85:fb:5b:9a:
59:83:bc:80:fa:74:e6:88:14:70:33:61:d7:f5:51:
47:8f:60:51:cb:c4:97:66:65:94:f0:ed:58:ca:80:
c1:89:e0:55:68:4c:69:21:0f:08:27:e0:87:11:df:
b7:bd
prime1:
00:f7:ff:b0:40:de:62:b6:a2:e5:d0:f5:fa:28:3d:
d3:30:30:89:8f:d1:ae:df:e9:09:ee:a0:b0:a5:a5:
a4:e5:93:97:7e:e6:0b:09:70:4c:62:99:5e:7d:45:
2f:fd:21:5a:31:d9:26:7f:39:5f:6e:eb:36:02:4e:
18:99:1b:38:13:99:f5:f3:a3:6b:93:83:67:fb:58:
67:d4:07:eb:e3:2f:31:b3:97:8f:f6:86:1f:15:08:
1a:4b:b5:a8:06:97:72:9c:74:ab:53:1f:ac:ee:fb:
59:03:39:a6:5c:a8:77:43:c0:2c:14:60:0e:71:3d:
70:b6:59:09:40:86:04:54:bf
prime2:
00:da:f0:73:2c:bd:52:a5:0d:9a:40:c4:34:fc:c9:
cf:0f:67:8a:02:01:ca:e7:b8:4e:57:da:0c:0d:b2:
f9:f3:f2:e4:4c:82:61:aa:04:2c:88:39:18:bd:86:
d6:dc:d0:e9:6c:c6:6f:d9:87:59:57:9b:1a:6b:c9:
56:c1:4d:33:ce:3e: