#!/bin/bash
#此脚本可用于搭建私有CA, 并且根据需要颁发的证书数量修改数组, 默认只颁发一个证书!
. /etc/init.d/functions
declare -A CERT_INFO
CERT_INFO=([subject0]="/O=heaven/CN=ca.god.com" \
[keyfile0]="cakey.pem" \
[crtfile0]="cacert.pem" \
[key0]=2048 \
[expire0]=3650 \
[serial0]=0 \
[subject1]="/C=CN/ST=hb/L=bj/O=good/CN=master.good.org" \
[keyfile1]="master.key" \
[crtfile1]="master.crt" \
[key1]="2048" \
[expire1]=365 \
[serial1]=1 \
[csrfile1]="master.csr" )
COLOR="echo -e \\E[1;32m]"
END="\\E[0m"
DIR=/data/cert
cd $DIR
for i in {0..1};do
if [ $i -eq 0 ]; then
openssl req -x509 -newkey rsa:${CERT_INFO[key${i}]} -subj ${CERT_INFO[subject${i}]} \
-set_serial ${CERT_INFO[serial${i}]} -keyout ${CERT_INFO[keyfile${i}]} -nodes \
-days ${CERT_INFO[expire${i}]} -out ${CERT_INFO[crtfile${i}]} &> /dev/null
else
openssl req -newkey rsa:${CERT_INFO[key${i}]} -nodes -subj ${CERT_INFO[subject${i}]} \
-keyout ${CERT_INFO[keyfile${i}]} -out ${CERT_INFO[csrfile${i}]} &> /dev/null
openssl x509 -req -in ${CERT_INFO[csrfile${i}]} -CA ${CERT_INFO[crtfile0]} \
-CAkey ${CERT_INFO[keyfile0]} -set_serial ${CERT_INFO[serial${i}]} \
-days ${CERT_INFO[expire${i}]} -out ${CERT_INFO[crtfile${i}]} &> /dev/null
fi
$COLOR"*************************************生成证书信息************************************"$END
openssl x509 -in ${CERT_INFO[crtfile${i}]} -noout -subject -dates -serial
echo
done
chmod 600 /data/cert/*.key
action "证书生成完成"
$COLOR"*********************************************生成证书文件如下************************"$END
echo "证书存放目录: "$DIR
echo "证书文件列表: "`ls $DIR`
网友评论