脚本实现创建CA并颁发证书

#!/bin/bashchopenssl() {MYOPENSSL=/etc/pki/tls/openssl.cnfsed -i 's@../../CA@/etc/pki/CA@g' $MYOPENSSLsed -i 's@= GB@= CN@g' $MYOPENSSLsed -i 's@= Berkshire@= Henan@g' $MYOPENSSLsed -i 's@= Newbury@= Zhengzhou@g' $MYOPENSSLsed -i 's@= My Company Ltd@= RHCE@g' $MYOPENSSL}

makeca() {cd /etc/pki/CAopenssl genrsa 1024 > private/cakey.pemopenssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3655mkdir certs newcerts crl &> /dev/nulltouch index.txt serialecho 01 > serial}
panduan() { cd /etc/pki/CA for I in index* serial* ;do if [ -e $I ]; then rm -rf $I fi done}

getcert() { mkdir -pv /etc/$FUWU/ssl &> /dev/null cd /etc/$FUWU/ssl openssl genrsa 1024 > $FUWU.key openssl req -new -key $FUWU.key -out $FUWU.csr openssl ca -in $FUWU.csr -out $FUWU.crt -days 3655 \rm $FUWU.csr cp /etc/pki/CA/cacert.pem . chmod 600 ./*}

chopensslpanduanmakecaread -p "Please give your service:" FUWUgetcert

本文出自 “NEGIUP” 博客，请务必保留此出处http://negiup.blog.51cto.com/2348622/511593