./cert-tool.sh ca 365

./cert-tool.sh server 365



#!/bin/bash

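# All keys and certificates are written into ./cert-tool. Stop if that
# directory cannot be created or entered, so no key material lands in
# whatever directory the script was started from.
mkdir -p cert-tool || exit 1
cd cert-tool || exit 1

# Certificate lifetime in days: second argument if given, else 10000
# (roughly 27 years).
# NOTE(review): the default applies to the CA and the server certificate
# alike; pass a shorter value for anything beyond throw-away test use.
day=${2:-10000}
case "$day" in
  *[!0-9]*)
    # Reject anything that is not a plain non-negative integer before it
    # reaches the openssl command line.
    echo "$0: days must be a whole number, got '$day'" >&2
    exit 2
    ;;
esac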

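#######################################
# Remove previously generated server files from the current directory.
#
# The script has already changed into cert-tool/ when this runs, so the
# original path "cert-tool/*" pointed at cert-tool/cert-tool/ and removed
# nothing. The glob is limited to server* because that is what the
# confirmation prompt offers to delete; the CA key and certificate are
# left in place so existing server certificates can still be re-issued.
#
# Returns: exit status of rm.
#######################################
clear_old(){
  rm -f -- ./server*
}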


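# Ask before calling clear_old. Only a single "Y" or "y" confirms; any other
# answer, including just pressing Enter, skips the cleanup. The prompt
# therefore shows [y/N]: the capital letter marks the default, which is "no".
# -r keeps backslashes in the answer from being interpreted by read.
read -r -p "rm cert-tool/server*? [y/N] " input
case "$input" in
  [Yy])
    clear_old
    ;;
esac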

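#######################################
# Create a 2048-bit RSA key and a self-signed certificate for the private CA,
# then print the certificate.
#
# Globals:  day (read) - validity period in days
# Files:    reads openssl.cnf; writes ca.key, ca.csr, ca.crt
# Returns:  status of the first openssl step that fails, else the status of
#           the final certificate dump.
#
# ca.key is written without a passphrase (genrsa is given no cipher option),
# so file permissions are its only protection.
# NOTE(review): the signing step passes no -extfile/-extensions, so nothing
# from openssl.cnf marks this certificate as a CA (no basicConstraints);
# confirm that the clients which will trust ca.crt accept it.
#######################################
ca(){
  # Subshell keeps the tighter umask local to key creation, so a newly
  # created ca.key is not group/world readable while ca.crt keeps the
  # caller's normal mode.
  ( umask 077 && openssl genrsa -out ca.key 2048 ) || return
  openssl req -new -sha256 -out ca.csr -key ca.key -config openssl.cnf || return
  # -signkey makes the request self-signed with the CA's own key.
  openssl x509 -req -in ca.csr -out ca.crt -signkey ca.key -days "$day" || return
  openssl x509 -in ca.crt -noout -text
}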

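#######################################
# Create a 2048-bit RSA key for the server and a certificate for it signed
# by the CA in the current directory, then print the certificate.
#
# Globals:  day (read) - validity period in days
# Files:    reads openssl.cnf, ca.crt, ca.key; writes server.key,
#           server.csr, server.crt (and the serial file that
#           -CAcreateserial creates)
# Returns:  1 if the CA files are missing, the status of the first openssl
#           step that fails, else the status of the final certificate dump.
#
# server.key is written without a passphrase (genrsa is given no cipher
# option), so file permissions are its only protection.
#######################################
server(){
  # Fail early with a clear message instead of generating a key and request
  # that cannot be signed.
  if [ ! -f ca.crt ] || [ ! -f ca.key ]; then
    echo "server: ca.crt or ca.key not found; run '$0 ca' first" >&2
    return 1
  fi

  # Subshell keeps the tighter umask local to key creation, so a newly
  # created server.key is not group/world readable.
  ( umask 077 && openssl genrsa -out server.key 2048 ) || return
  openssl req -new -sha256 -out server.csr -key server.key -config openssl.cnf || return
  # The v3_req section of openssl.cnf supplies the subjectAltName entries.
  openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -out server.crt -days "$day" -extensions v3_req -extfile openssl.cnf || return
  openssl x509 -in server.crt -noout -text
}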

# Write the OpenSSL configuration used by both subcommands into the current
# directory, replacing any existing openssl.cnf. The delimiter is quoted, so
# the text below is written literally with no shell expansion.
#
# The v3_req section carries only subjectAltName. Both SAN entries are
# wildcards, so a certificate issued with them is valid for every host name
# directly under those two suffixes.
# NOTE(review): the names look like Kubernetes in-cluster service names;
# if only one service presents this certificate, listing its exact name
# would narrow what a leaked server.key can impersonate.
cat <<'OPENSSL_CNF' > openssl.cnf
[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CN
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Root Group
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
commonName_default = Private Root CA

[ v3_req ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.deployconfig-operator-system.svc
DNS.2 = *.deployconfig-operator-system.svc.cluster.local
OPENSSL_CNF


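# Run the requested subcommand. The script's exit status is that of the
# subcommand, so a failed openssl step is visible to the caller.
case "$1" in
  ca)
    ca
    ;;
  server)
    server
    ;;
  *)
    # A missing or unknown subcommand is a usage error: print the usage line
    # on stderr and exit non-zero so automation does not treat it as success.
    echo "$0 ca|server" >&2
    exit 2
    ;;
esac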