脚本实现CA的制作以及证书的颁发

#!/bin/bash

sed -i 's@../../CA@/etc/pki/CA@g' /etc/pki/tls/openssl.cnf

cd /etc/pki/CA

openssl genrsa 1024 > private/cakey.pem

echo "CN

HN

ZZ

Linux

Tech

www.ca.com

ca@fan.com" | openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650

mkdir certs newcerts crL

touch index.txt serial

echo 01 > serial

read -p "Please input your service:" SERVICE

mkdir -pv /etc/$SERVICE/ssl

cd /etc/$SERVICE/ssl

openssl genrsa 1024 > $SERVICE.key

echo "

CN

HN

ZZ

Linux

Tech

www.a.com

a@fan.com" |openssl req -new -key $SERVICE.key -out $SERVICE.csr

openssl ca -in $SERVICE.csr -out $SERVICE.crt -days 3650

rm -rf $SERVICE.csr

cp /etc/pki/CA/cacert.pem .

chmod 600 ./*

本文出自 “Linux Study” 博客，请务必保留此出处http://chenxizhuimeng.blog.51cto.com/2516314/498566