openssl 证书脚本

#!/bin/bash

# 检查是否提供了域名文件
if [ "$#" -ne 1 ]; then
    echo "Usage: $0 domains.txt"
    exit 1
fi

DOMAIN_FILE=$1

# 检查域名文件是否存在
if [ ! -f ${DOMAIN_FILE} ]; then
    echo "Domain file ${DOMAIN_FILE} does not exist."
    exit 1
fi

# 设置变量
DAYS=7300
KEY_FILE="cvessel.key"
CSR_FILE="cvessel.csr"
CERT_FILE="cvessel.crt"
CONFIG_FILE="cvessel.cnf"
SUBJECT="/C=US/ST=California/L=San Francisco/O=Example Inc."

# 生成私钥(如果私钥文件不存在)
if [ ! -f ${KEY_FILE} ]; then
    openssl genpkey -algorithm RSA -out ${KEY_FILE} -pkeyopt rsa_keygen_bits:2048
fi

# 创建 OpenSSL 配置文件
cat > ${CONFIG_FILE} <<EOL
[ req ]
default_bits       = 2048
default_keyfile    = ${KEY_FILE}
distinguished_name = req_distinguished_name
req_extensions     = req_ext
prompt             = no

[ req_distinguished_name ]
C  = US
ST = California
L  = San Francisco
O  = Example Inc.
CN = $(head -n 1 ${DOMAIN_FILE})

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
EOL

# 添加域名到配置文件
i=1
while IFS= read -r domain; do
    echo "DNS.$i = *.$domain" >> ${CONFIG_FILE}
    i=$((i+1))
    echo "DNS.$i = $domain" >> ${CONFIG_FILE}
    i=$((i+1))
done < ${DOMAIN_FILE}

# 生成证书签名请求(CSR)
openssl req -new -key ${KEY_FILE} -out ${CSR_FILE} -config ${CONFIG_FILE}

# 自签名生成证书
openssl x509 -req -days ${DAYS} -in ${CSR_FILE} -signkey ${KEY_FILE} -out ${CERT_FILE} -extensions req_ext -extfile ${CONFIG_FILE}

# 清理配置文件
rm ${CONFIG_FILE}

echo "自签名的泛域名证书已生成:"
echo "私钥: ${KEY_FILE}"
echo "证书签名请求: ${CSR_FILE}"
echo "证书: ${CERT_FILE}"
©著作权归作者所有,转载或内容合作请联系作者
平台声明:文章内容(如有图片或视频亦包括在内)由作者上传并发布,文章内容仅代表作者本人观点,简书系信息发布平台,仅提供信息存储服务。

推荐阅读更多精彩内容