bash脚本创建syslog-ng tls ca证书

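#!/bin/bash
#
# Create a small private CA and issue one client and one server certificate
# for syslog-ng TLS transport, all written to the current directory.
#
# Usage:      <script> [common-name]      (common-name defaults to "Local")
# Environment:
#   TLS_KEY_PASS  pass phrase for the CA key, the *.key.secure copies and the
#                 PKCS#12 bundle. Falls back to the sample value 123456 so the
#                 script still runs unchanged; set it for anything beyond a lab.
# Outputs:    ca_rsa_private.key ca.crt, client.{key,key.secure,csr,crt,pfx},
#             server.{key,key.secure,csr,crt}; the CA subject hash on stdout.

# Stop at the first failing openssl call instead of carrying on and issuing
# certificates from half-written inputs.
set -euo pipefail

# Private keys (including the decrypted ones below) must not be created
# group/world readable, whatever the caller's umask is.
umask 077

cnname=${1:-Local}

if [[ -z "${TLS_KEY_PASS:-}" ]]; then
    TLS_KEY_PASS=123456
    using_sample_pass=1
    echo "warning: TLS_KEY_PASS is not set, using the sample pass phrase" >&2
else
    using_sample_pass=0
fi
# Handed to openssl as env:TLS_KEY_PASS rather than pass:<value>, so the pass
# phrase does not show up in the process list or in shell tracing of argv.
export TLS_KEY_PASS

# NOTE(review): the certificates carry only a CN and no subjectAltName, and the
# client and server share the same subject. Peers that match host names against
# SAN will not accept them as-is - confirm against the verification settings in use.

#ca
openssl genrsa -aes256 -passout env:TLS_KEY_PASS -out ca_rsa_private.key 2048
openssl req -new -x509 -sha256 -days 365 -key ca_rsa_private.key -passin env:TLS_KEY_PASS \
    -out ca.crt -subj "/C=CN/ST=BJ/L=bj"

#client
openssl genrsa -aes256 -passout env:TLS_KEY_PASS -out client.key 2048
openssl req -new -sha256 -key client.key -passin env:TLS_KEY_PASS \
    -out client.csr -subj "/C=CN/ST=BJ/L=bj/CN=${cnname}"
openssl x509 -req -sha256 -days 365 -in client.csr -CA ca.crt -CAkey ca_rsa_private.key \
    -passin env:TLS_KEY_PASS -CAcreateserial -out client.crt

#server
openssl genrsa -aes256 -passout env:TLS_KEY_PASS -out server.key 2048
openssl req -new -sha256 -key server.key -passin env:TLS_KEY_PASS \
    -out server.csr -subj "/C=CN/ST=BJ/L=bj/CN=${cnname}"
openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca_rsa_private.key \
    -passin env:TLS_KEY_PASS -CAcreateserial -out server.crt

# Certificates are public material; give them the conventional readable mode
# again after the restrictive umask above.
chmod 644 ca.crt client.crt server.crt

#hash
# Prints the subject hash of the CA certificate. An OpenSSL-style hashed CA
# directory (e.g. syslog-ng ca-dir()) expects ca.crt to be linked as <hash>.0.
openssl x509 -noout -hash -in ca.crt

#delete key password
# The end-entity keys are decrypted so a daemon can load them without a pass
# phrase prompt. After this step client.key and server.key are plaintext:
# file permissions are their only protection. The encrypted originals are
# kept as *.key.secure.
openssl rsa -in client.key -passin env:TLS_KEY_PASS -out client.key.unsecure
mv client.key client.key.secure
mv client.key.unsecure client.key

openssl rsa -in server.key -passin env:TLS_KEY_PASS -out server.key.unsecure
mv server.key server.key.secure
mv server.key.unsecure server.key

#show info
#openssl x509 -in server.crt -noout -text

#create pkcs12
# Bundles the client certificate, its (now unencrypted) key and the CA
# certificate; -descert encrypts the certificate part with triple DES.
openssl pkcs12 -export -in client.crt -inkey client.key -certfile ca.crt \
    -passout env:TLS_KEY_PASS -descert -out client.pfx

if [[ "$using_sample_pass" -eq 1 ]]; then
    echo "p12 file import password: 123456"
else
    # Do not echo a caller-supplied secret to the terminal or a captured log.
    echo "p12 file import password: the value of TLS_KEY_PASS"
fi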
