ssl安全证书制作过程

#!/bin/bash

function read_node_info_config

{

key=$1

grep -v '^#' crt_node_info.conf | grep $key | cut -d'=' -f2

}

function check_config

{

test -n "2" \|\| { test -n "3" && { echo "Set 1 to default value 3"; eval "1=3"; } || { echo "Missing $1 config"; exit 9; } }

}

function create_xxx_ca

{

create ca.key

openssl genrsa -aes256 -passout pass:{CA_pass} -out {ca_dir}/ca.key 2048

openssl req -subj /C=CN/ST=ZJ/L=HZ/O=companyname/OU=DT/CN={project_name}/emailAddress=ca@xxx.com -new -key {ca_dir}/ca.key -passin pass:{CA_pass} -out {ca_dir}/ca.req

create ca.crt

openssl x509 -req -in {ca_dir}/ca.req -signkey {ca_dir}/ca.key -passin pass:{CA_pass} -days 3650 -out {ca_dir}/ca.crt

}

function init_env

{

if [ ! -r ./crt_node_info.conf ]; then

echo "Create crt_node_info.conf first."

return 1

fi

crt_node_type=`read_node_info_config crt_node_type`

project_name=`read_node_info_config project_name`

xxx_type=`read_node_info_config xxx_type`

node_names=`read_node_info_config node_name`

prefix_name=`read_node_info_config prefix_name`

name_count=`read_node_info_config name_count`

crt_expiration_days=`read_node_info_config crt_expiration_days`

CA_pass=`read_node_info_config CA_pass`

CA_path=`read_node_info_config CA_path`

cert_ST=`read_node_info_config cert_ST`

cert_L=`read_node_info_config cert_L`

cert_O=`read_node_info_config cert_O`

cert_CN=`read_node_info_config cert_CN`

#cert_Email=`read_node_info_config cert_Email`

cert_Title=`read_node_info_config cert_Title`

check_config CA_pass "$CA_pass" "123xxx"

check_config prefix_name "prefix_name" "crt_node_type"

check_config name_count "$name_count" "0"

cert_Email="@xxxpri.com"

if [ ${xxx_type} == "XXX_Public" ]; then

cert_Email="@xxxpub.com"

fi

#parse node names to a list

OLD_IFS="$IFS"

IFS=","

node_name_list=(${node_names})

IFS="$OLD_IFS"

echo ${node_name_list[*]}

ca_dir=${CA_path}

if [ ! -f ${ca_dir}/ca.key ]; then

if [ ! -d ${ca_dir} ]; then

mkdir -p ${ca_dir} >/dev/null 2>>/dev/null

fi

create_xxx_ca

if [ $? -ne 0 ]; then

echo "create xxx ca failed."

return 1

fi

fi

return 0

}

function create_xxx_server_cert

{

cert_dir=`pwd`

create server.key

openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -out {cert_dir}/xx_server_1.key

create csr file

openssl req -subj /C=CN/ST={cert_ST}/L={cert_L}/O={cert_O}/OU={crt_node_type}/CN=1/emailAddress=1{cert_Email} -new -key {cert_dir}/xx_server_1.key -out {cert_dir}/xx_server_$1.csr

create server.crt

openssl x509 -req -days {crt_expiration_days} -in {cert_dir}/xx_server_1.csr -CA {ca_dir}/ca.crt -CAkey {ca_dir}/ca.key -CAcreateserial -passin pass:{CA_pass} -out {cert_dir}/xx_server_1.crt

}

function create_chain_node_cert

{

chain_cert_dir=`pwd`

create chain_node.key

openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -out {chain_cert_dir}/tn_client_chain_node_1.key

create csr file

openssl req -subj /C=CN/ST={cert_ST}/L={cert_L}/O={cert_O}/OU={crt_node_type}/title={cert_Title}/CN=1/emailAddress=1{cert_Email} -new -key {chain_cert_dir}/xx_client_chain_node_1.key -out {chain_cert_dir}/xx_client_chain_node_1.csr

create chain_node.crt

openssl x509 -req -days {crt_expiration_days} -in {chain_cert_dir}/xx_client_chain_node_1.csr -CA {ca_dir}/ca.crt -CAkey {ca_dir}/ca.key -CAcreateserial -passin pass:{CA_pass} -out {chain_cert_dir}/xx_client_chain_node_1.crt

}

function create_xxx_agent_cert

{

ba_cert_dir=`pwd`

create ect key

openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -out {ba_cert_dir}/xx_client_ba_1.key

create csr file

openssl req -subj /C=CN/ST={cert_ST}/L={cert_L}/O={cert_O}/OU={crt_node_type}/title={cert_Title}/CN=1/emailAddress=1{cert_Email} -new -key {ba_cert_dir}/xx_client_ba_1.key -out {ba_cert_dir}/xx_client_ba_1.csr

create ect crt

openssl x509 -req -days {crt_expiration_days} -in {ba_cert_dir}/xx_client_ba_1.csr -CA {ca_dir}/ca.crt -CAkey {ca_dir}/ca.key -CAcreateserial -passin pass:{CA_pass} -out {ba_cert_dir}/xx_client_ba_1.crt

}

function main {

1 init dir, var, CA

echo "1) init environment."

init_env

if [ $? -ne 0 ]; then

return 1

fi

echo "2) create crt..."

#xxx_server, xxx_agent, chain_node;

if [ ${crt_node_type} == "xxx_server" ]; then

for((i=0; i<${#node_name_list[@]}; ++i)); do

create_xxx_server_cert {node_name_list\[{i}]}

if [ $? -ne 0 ]; then

echo "create {node_name_list\[{i}]} crt failed."

fi

done

elif [ ${crt_node_type} == "chain_node" ]; then

for((i=0; i<${#node_name_list[@]}; ++i)); do

create_chain_node_cert {node_name_list\[{i}]}

if [ $? -ne 0 ]; then

echo "create {node_name_list\[{i}]} crt failed."

fi

done

elif [ ${crt_node_type} == "xxx_agent" ]; then

if [ ${name_count} -gt 0 ]; then

for((i=1; i<=${name_count}; ++i)); do

node_name={prefix_name}i

create_xxx_agent_cert ${node_name}

if [ $? -ne 0 ]; then

echo "create ${node_name} crt failed."

fi

done

else

for((i=0; i<${#node_name_list[@]}; ++i)); do

create_xxx_agent_cert {node_name_list\[{i}]}

if [ $? -ne 0 ]; then

echo "create {node_name_list\[{i}]} crt failed."

fi

done

fi

fi

echo "create crt completed."

return 0

}

main $*

相关推荐
Alo3656 分钟前
antd 组件部分API使用方法
前端
hhua01239 分钟前
理解“无界队列”与“有界队列”及其适用场景
java·队列
BillKu9 分钟前
Vue3数组去重方法总结
前端·javascript·vue.js
GDAL12 分钟前
Object.freeze() 深度解析:不可变性的实现与实战指南
javascript·freeze
LZQqqqqo13 分钟前
C# 接口(interface 定义接口的关键字)
java·开发语言·c#
寒水馨20 分钟前
Java 9 新特性解析
java·开发语言·新特性·java9·jdk9
SimonKing26 分钟前
甩掉手动赋值!MyBatis-Plus 自动填充实战秘籍
java·后端·程序员
江城开朗的豌豆30 分钟前
Vue+JSX真香现场:告别模板语法,解锁新姿势!
前端·javascript·vue.js
这里有鱼汤38 分钟前
首个支持A股的AI多智能体金融系统,来了
前端·python
袁煦丞39 分钟前
5分钟搭建高颜值后台!SoybeanAdmin:cpolar内网穿透实验室第648个成功挑战
前端·程序员·远程工作