#!/bin/sh 
# create self-signed server certificate: 
read -p "Enter your domain [www.example.com]: " DOMAIN 
SUBJECTCA="/C=CN/ST=Guangzhong/L=Shenzhen/O=xxx os/OU=xxx/CN=$DOMAIN" 
SUBJECTSERVER="/C=CN/ST=Guangzhong/L=Shenzhen/O=xxx ltd/OU=xxx/CN=$DOMAIN"

echo '------ generate CA key'
openssl genrsa -out ca.key 2048 
echo '------ generate CSR' 
openssl req -new -subj $SUBJECTCA -days 36500 -key ca.key -out ca.csr 
echo '------ generate Self Signed certificate' 
openssl x509 -req -days 36500 -sha256 -signkey ca.key -in ca.csr -out ca.crt 
openssl x509 -text -noout -in ca.crt 


echo '------ generate private server key' 
openssl genrsa -out server.key 2048 
echo '------ generate server csr' 
openssl req -new -subj $SUBJECTSERVER -days 36500 -key server.key -out server.csr 
echo '------ generate server certificate' 
openssl x509 -req -in server.csr -days 36500 -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt 
openssl x509 -text -noout -in server.crt

chenjunbiao
425 声望15 粉丝