#!/bin/bash
chopenssl() {
MYOPENSSL=/etc/pki/tls/openssl.cnf
sed -i 's@../../CA@/etc/pki/CA@g' $MYOPENSSL
sed -i 's@= GB@= CN@g' $MYOPENSSL
sed -i 's@= Berkshire@= Henan@g' $MYOPENSSL
sed -i 's@= Newbury@= Zhengzhou@g' $MYOPENSSL
sed -i 's@= My Company Ltd@= RHCE@g' $MYOPENSSL
}
makeca() {
cd /etc/pki/CA
openssl genrsa 1024 > private/cakey.pem
openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3655
mkdir certs newcerts crl &> /dev/null
touch index.txt serial
echo 01 > serial
}
panduan() {
cd /etc/pki/CA
for I in index* serial* ;do
if [ -e $I ]; then
rm -rf $I
fi
done
}
getcert() {
mkdir -pv /etc/$FUWU/ssl &> /dev/null
cd /etc/$FUWU/ssl
openssl genrsa 1024 > $FUWU.key
openssl req -new -key $FUWU.key -out $FUWU.csr
openssl ca -in $FUWU.csr -out $FUWU.crt -days 3655
\rm $FUWU.csr
cp /etc/pki/CA/cacert.pem .
chmod 600 ./*
}
chopenssl
panduan
makeca
read -p "Please give your service:" FUWU
getcert
