luwenpeng-certificate/sign.sh

#!/bin/bash

## 签发自签发证书：用于 TSG 各组件间加密通信

openssl ecparam -name secp256r1 -genkey -out key/self-sign.key # 使用椭圆曲线生成私钥
#./tool gen-key key/self-sign.key gdnt-cloud.com 2048 # 使用 RSA 生成私钥
./tool gen-csr csr/self-sign.csr gdnt-cloud.com conf/self-sign.conf key/self-sign.key
./tool self-sign crt/self-sign.crt gdnt-cloud.com 3650 sha256 req_v3_usr conf/self-sign.conf csr/self-sign.csr key/self-sign.key
./tool chain chain.pem gdnt-cloud.com crt/self-sign.crt

## 签发根证书，用于为 TSG/Nezha 界面的服务端签发证书

#openssl ecparam -name secp256r1 -genkey -out key/ca-root-for-e21.key # 使用椭圆曲线
./tool gen-key key/ca-root-for-e21.key gdnt-cloud.com 2048 # 使用 RSA
./tool gen-ca crt/ca-root-for-e21.crt gdnt-cloud.com conf/ca-root-for-e21.conf key/ca-root-for-e21.key

## 为 TSG 界面的服务端签发实体证书

#openssl ecparam -name secp256r1 -genkey -out key/tsg-entity-for-e21.key # 使用椭圆曲线
./tool gen-key key/tsg-entity-for-e21.key gdnt-cloud.com 2048 # 使用 RSA
./tool gen-csr csr/tsg-entity-for-e21.csr gdnt-cloud.com conf/tsg-entity-for-e21.conf key/tsg-entity-for-e21.key
./tool sign crt/tsg-entity-for-e21.crt gdnt-cloud.com 7299 sha256 req_v3_usr conf/tsg-entity-for-e21.conf csr/tsg-entity-for-e21.csr key/ca-root-for-e21.key crt/ca-root-for-e21.crt

## 为 Nezha 界面的服务端签发实体证书

#openssl ecparam -name secp256r1 -genkey -out key/nezha-entity-for-e21.key # 使用椭圆曲线
./tool gen-key key/nezha-entity-for-e21.key gdnt-cloud.com 2048 # 使用 RSA
./tool gen-csr csr/nezha-entity-for-e21.csr gdnt-cloud.com conf/nezha-entity-for-e21.conf key/nezha-entity-for-e21.key
./tool sign crt/nezha-entity-for-e21.crt gdnt-cloud.com 7299 sha256 req_v3_usr conf/nezha-entity-for-e21.conf csr/nezha-entity-for-e21.csr key/ca-root-for-e21.key crt/ca-root-for-e21.crt