#!/bin/sh
# create self-signed server certificate:
read -p "Enter your domain [www.example.com]: " DOMAIN
SUBJECTCA="/C=CN/ST=Guangzhong/L=Shenzhen/O=xxx os/OU=xxx/CN=$DOMAIN"
SUBJECTSERVER="/C=CN/ST=Guangzhong/L=Shenzhen/O=xxx ltd/OU=xxx/CN=$DOMAIN"
echo '------ generate CA key'
openssl genrsa -out ca.key 2048
echo '------ generate CSR'
openssl req -new -subj $SUBJECTCA -days 36500 -key ca.key -out ca.csr
echo '------ generate Self Signed certificate'
openssl x509 -req -days 36500 -sha256 -signkey ca.key -in ca.csr -out ca.crt
openssl x509 -text -noout -in ca.crt
echo '------ generate private server key'
openssl genrsa -out server.key 2048
echo '------ generate server csr'
openssl req -new -subj $SUBJECTSERVER -days 36500 -key server.key -out server.csr
echo '------ generate server certificate'
openssl x509 -req -in server.csr -days 36500 -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
openssl x509 -text -noout -in server.crt
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用
。你还可以使用@
来通知其他用户。