reatang · January 8, 2018 09:55 · reatang · Jan 8, 2018
diff --git a/ssl_crt_build.sh b/ssl_crt_build.sh
 #!/bin/bash

 # 创建签名配置
 cat>$1.conf<<EOF
 [req]
 distinguished_name = req_distinguished_name
 req_extensions = v3_req

 [req_distinguished_name]
 countryName = Country Name (2 letter code)
 countryName_default = US
 stateOrProvinceName = State or Province Name (full name)
 stateOrProvinceName_default = MN
 localityName = Locality Name (eg, city)
 localityName_default = Minneapolis
 organizationalUnitName	= Organizational Unit Name (eg, section)
 organizationalUnitName_default	= Domain Control Validated
 commonName = Internet Widgits Ltd
 commonName_max	= 64

 [ v3_req ]
 # Extensions to add to a certificate request
 basicConstraints = CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 subjectAltName = @alt_names

 [alt_names]
 DNS.1 = $1
 DNS.2 = *.$1
 EOF

 # 生成私钥
 openssl genrsa -out $1.key 2048

 # 创建签名申请
 openssl req -new -key $1.key -out $1.csr -subj "/C=/ST=/O=/localityName=/commonName=*.${1}/organizationalUnitName=/emailAddress=/" -config $1.conf -passin pass:

 # 创建证书
 openssl x509 -req -days 365 -in $1.csr -signkey $1.key -out $1.crt -extensions v3_req -extfile $1.conf

 # 创建完成

 echo '创建完成, 请将相应的秘钥文件放入nginx, 并且配置相应网站的ssl配置：'
 echo "ssl_certificate $1.crt";
 echo "ssl_certificate_key $1.key";

 exit 0
	#!/bin/bash

	# 创建签名配置
	cat>$1.conf<<EOF
	[req]
	distinguished_name = req_distinguished_name
	req_extensions = v3_req

	[req_distinguished_name]
	countryName = Country Name (2 letter code)
	countryName_default = US
	stateOrProvinceName = State or Province Name (full name)
	stateOrProvinceName_default = MN
	localityName = Locality Name (eg, city)
	localityName_default = Minneapolis
	organizationalUnitName = Organizational Unit Name (eg, section)
	organizationalUnitName_default = Domain Control Validated
	commonName = Internet Widgits Ltd
	commonName_max = 64

	[ v3_req ]
	# Extensions to add to a certificate request
	basicConstraints = CA:FALSE
	keyUsage = nonRepudiation, digitalSignature, keyEncipherment
	subjectAltName = @alt_names

	[alt_names]
	DNS.1 = $1
	DNS.2 = *.$1
	EOF

	# 生成私钥
	openssl genrsa -out $1.key 2048

	# 创建签名申请
	openssl req -new -key $1.key -out $1.csr -subj "/C=/ST=/O=/localityName=/commonName=*.${1}/organizationalUnitName=/emailAddress=/" -config $1.conf -passin pass:

	# 创建证书
	openssl x509 -req -days 365 -in $1.csr -signkey $1.key -out $1.crt -extensions v3_req -extfile $1.conf

	# 创建完成

	echo '创建完成, 请将相应的秘钥文件放入nginx, 并且配置相应网站的ssl配置：'
	echo "ssl_certificate $1.crt";
	echo "ssl_certificate_key $1.key";

	exit 0