ssl安全证书制作过程

#!/bin/bash

function read_node_info_config

{

key=$1

grep -v '^#' crt_node_info.conf | grep $key | cut -d'=' -f2

}

function check_config

{

test -n "2" \|\| { test -n "3" && { echo "Set 1 to default value 3"; eval "1=3"; } || { echo "Missing $1 config"; exit 9; } }

}

function create_xxx_ca

{

create ca.key

openssl genrsa -aes256 -passout pass:{CA_pass} -out {ca_dir}/ca.key 2048

openssl req -subj /C=CN/ST=ZJ/L=HZ/O=companyname/OU=DT/CN={project_name}/emailAddress=ca@xxx.com -new -key {ca_dir}/ca.key -passin pass:{CA_pass} -out {ca_dir}/ca.req

create ca.crt

openssl x509 -req -in {ca_dir}/ca.req -signkey {ca_dir}/ca.key -passin pass:{CA_pass} -days 3650 -out {ca_dir}/ca.crt

}

function init_env

{

if [ ! -r ./crt_node_info.conf ]; then

echo "Create crt_node_info.conf first."

return 1

fi

crt_node_type=`read_node_info_config crt_node_type`

project_name=`read_node_info_config project_name`

xxx_type=`read_node_info_config xxx_type`

node_names=`read_node_info_config node_name`

prefix_name=`read_node_info_config prefix_name`

name_count=`read_node_info_config name_count`

crt_expiration_days=`read_node_info_config crt_expiration_days`

CA_pass=`read_node_info_config CA_pass`

CA_path=`read_node_info_config CA_path`

cert_ST=`read_node_info_config cert_ST`

cert_L=`read_node_info_config cert_L`

cert_O=`read_node_info_config cert_O`

cert_CN=`read_node_info_config cert_CN`

#cert_Email=`read_node_info_config cert_Email`

cert_Title=`read_node_info_config cert_Title`

check_config CA_pass "$CA_pass" "123xxx"

check_config prefix_name "prefix_name" "crt_node_type"

check_config name_count "$name_count" "0"

cert_Email="@xxxpri.com"

if [ ${xxx_type} == "XXX_Public" ]; then

cert_Email="@xxxpub.com"

fi

#parse node names to a list

OLD_IFS="$IFS"

IFS=","

node_name_list=(${node_names})

IFS="$OLD_IFS"

echo ${node_name_list[*]}

ca_dir=${CA_path}

if [ ! -f ${ca_dir}/ca.key ]; then

if [ ! -d ${ca_dir} ]; then

mkdir -p ${ca_dir} >/dev/null 2>>/dev/null

fi

create_xxx_ca

if [ $? -ne 0 ]; then

echo "create xxx ca failed."

return 1

fi

fi

return 0

}

function create_xxx_server_cert

{

cert_dir=`pwd`

create server.key

openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -out {cert_dir}/xx_server_1.key

create csr file

openssl req -subj /C=CN/ST={cert_ST}/L={cert_L}/O={cert_O}/OU={crt_node_type}/CN=1/emailAddress=1{cert_Email} -new -key {cert_dir}/xx_server_1.key -out {cert_dir}/xx_server_$1.csr

create server.crt

openssl x509 -req -days {crt_expiration_days} -in {cert_dir}/xx_server_1.csr -CA {ca_dir}/ca.crt -CAkey {ca_dir}/ca.key -CAcreateserial -passin pass:{CA_pass} -out {cert_dir}/xx_server_1.crt

}

function create_chain_node_cert

{

chain_cert_dir=`pwd`

create chain_node.key

openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -out {chain_cert_dir}/tn_client_chain_node_1.key

create csr file

openssl req -subj /C=CN/ST={cert_ST}/L={cert_L}/O={cert_O}/OU={crt_node_type}/title={cert_Title}/CN=1/emailAddress=1{cert_Email} -new -key {chain_cert_dir}/xx_client_chain_node_1.key -out {chain_cert_dir}/xx_client_chain_node_1.csr

create chain_node.crt

openssl x509 -req -days {crt_expiration_days} -in {chain_cert_dir}/xx_client_chain_node_1.csr -CA {ca_dir}/ca.crt -CAkey {ca_dir}/ca.key -CAcreateserial -passin pass:{CA_pass} -out {chain_cert_dir}/xx_client_chain_node_1.crt

}

function create_xxx_agent_cert

{

ba_cert_dir=`pwd`

create ect key

openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -out {ba_cert_dir}/xx_client_ba_1.key

create csr file

openssl req -subj /C=CN/ST={cert_ST}/L={cert_L}/O={cert_O}/OU={crt_node_type}/title={cert_Title}/CN=1/emailAddress=1{cert_Email} -new -key {ba_cert_dir}/xx_client_ba_1.key -out {ba_cert_dir}/xx_client_ba_1.csr

create ect crt

openssl x509 -req -days {crt_expiration_days} -in {ba_cert_dir}/xx_client_ba_1.csr -CA {ca_dir}/ca.crt -CAkey {ca_dir}/ca.key -CAcreateserial -passin pass:{CA_pass} -out {ba_cert_dir}/xx_client_ba_1.crt

}

function main {

1 init dir, var, CA

echo "1) init environment."

init_env

if [ $? -ne 0 ]; then

return 1

fi

echo "2) create crt..."

#xxx_server, xxx_agent, chain_node;

if [ ${crt_node_type} == "xxx_server" ]; then

for((i=0; i<${#node_name_list[@]}; ++i)); do

create_xxx_server_cert {node_name_list\[{i}]}

if [ $? -ne 0 ]; then

echo "create {node_name_list\[{i}]} crt failed."

fi

done

elif [ ${crt_node_type} == "chain_node" ]; then

for((i=0; i<${#node_name_list[@]}; ++i)); do

create_chain_node_cert {node_name_list\[{i}]}

if [ $? -ne 0 ]; then

echo "create {node_name_list\[{i}]} crt failed."

fi

done

elif [ ${crt_node_type} == "xxx_agent" ]; then

if [ ${name_count} -gt 0 ]; then

for((i=1; i<=${name_count}; ++i)); do

node_name={prefix_name}i

create_xxx_agent_cert ${node_name}

if [ $? -ne 0 ]; then

echo "create ${node_name} crt failed."

fi

done

else

for((i=0; i<${#node_name_list[@]}; ++i)); do

create_xxx_agent_cert {node_name_list\[{i}]}

if [ $? -ne 0 ]; then

echo "create {node_name_list\[{i}]} crt failed."

fi

done

fi

fi

echo "create crt completed."

return 0

}

main $*

相关推荐
万少16 分钟前
第五款 HarmonyOS 上架作品 奇趣故事匣 来了
前端·harmonyos·客户端
蓝澈112118 分钟前
迪杰斯特拉算法之解决单源最短路径问题
java·数据结构
OpenGL21 分钟前
Android targetSdkVersion升级至35(Android15)相关问题
前端
Kali_0725 分钟前
使用 Mathematical_Expression 从零开始实现数学题目的作答小游戏【可复制代码】
java·人工智能·免费
rzl0237 分钟前
java web5(黑马)
java·开发语言·前端
Amy.Wang38 分钟前
前端如何实现电子签名
前端·javascript·html5
海天胜景40 分钟前
vue3 el-table 行筛选 设置为单选
javascript·vue.js·elementui
今天又在摸鱼41 分钟前
Vue3-组件化-Vue核心思想之一
前端·javascript·vue.js
蓝婷儿43 分钟前
每天一个前端小知识 Day 21 - 浏览器兼容性与 Polyfill 策略
前端
百锦再1 小时前
Vue中对象赋值问题:对象引用被保留,仅部分属性被覆盖
前端·javascript·vue.js·vue·web·reactive·ref