1.添加自动生成中间证书及实体证书脚本文件signssl.sh
2.添加证书文件检测工具x509 3.修改配置文件注释
94
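--- a/src/script/signssl.sh
+++ b/src/script/signssl.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+
+type_name=$1
+name=$2
+
+caform=$3
+caname=$4
+
+cakeyform=$5
+cakey=$6
+
+do_help()
+{
+echo "./signssl -type cert_name -cafrom ca_name -cakeyfrom key_name"
+echo "usage: ./signssl args"
+echo " -type cert_name - input type (-middle, -entity)"
+echo " -cafrom ca_name - input ca_name (root certificate)"
+echo " -cakeyfrom key_name - input key_name (the root keys)"
+exit
+}
+
+do_mkdir()
+{
+if [ ! -d "./demoCA" ]; then
+mkdir demoCA
+mkdir ./demoCA/newcerts
+touch ./demoCA/index.txt
+touch ./demoCA/serial
+echo 0001 >> ./demoCA/serial
+fi
+}
+
+do_check()
+{
+if [ "$type_name" == "" ]||[ "$name" == "" ]; then
+echo "certificate type is unkone!"
+do_help
+exit
+fi
+if [ "$caform" != "-cafrom" ] || [ "$caname" == "" ]; then
+echo "root certificate name is unkone!"
+do_help
+exit
+fi
+if [ "$cakeyform" != "-cakeyfrom" ] || [ "$cakey" == "" ]; then
+echo "root certificate keys is unkone!"
+do_help
+exit
+fi
+}
+
+do_middle()
+{
+if [ ! -d "./middle" ]; then
+mkdir middle
+fi
+openssl genrsa -out ${name}.key 1024
+openssl req -new -key ${name}.key -out ${name}.csr
+openssl ca -extensions v3_ca -in ${name}.csr -out ${name}.pem -cert ${caname} -keyfile ${cakey} -days 365 -policy policy_anything
+openssl pkcs12 -export -in ${name}.pem -inkey ${name}.key -chain -CAfile ${caname} -out ${name}.p12
+mv ${name}.* middle
+}
+
+do_entity()
+{
+if [ ! -d ".entity" ];then
+mkdir entity
+fi
+openssl genrsa -out ${name}.pem 1024
+openssl rsa -in ${name}.pem -out ${name}.key
+openssl req -new -key ${name}.pem -out ${name}.csr
+openssl x509 -req -days 365 -sha256 -extfile /etc/pki/tls/openssl.cnf -extensions v3_req -CA ${caname} -CAkey ${cakey} -CAserial ca.srl -CAcreateserial -in ${name}.csr -out ${name}.cer
+
+openssl pkcs12 -export -in ${name}.cer -inkey ${name}.key -chain -CAfile ${caname} -out ${name}.p12
+
+mv ${name}.* entity
+}
+
+do_signssl()
+{
+if [ "$type_name" == "-middle" ]; then
+do_middle
+exit
+fi
+if [ "$type_name" == "-entity" ]; then
+do_entity
+exit
+fi
+}
+
+do_check
+do_mkdir
+do_signssl
+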
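Review bot: Both `openssl genrsa` calls, in do_middle and do_entity, generate 1024-bit RSA keys, which is below the 2048-bit minimum in current CA and browser baselines, and the do_middle key goes on to sign other certificates via `-extensions v3_ca`. Use at least 2048 bits: `openssl genrsa -out ${name}.key 2048` and `openssl genrsa -out ${name}.pem 2048`. do_entity tests `[ ! -d ".entity" ]` but creates `entity`, so the `mkdir` fails on every run after the first; the test should read `[ ! -d "./entity" ]`. The positional values are also expanded unquoted in every `openssl` and `mv` call, so a name containing spaces or starting with `-` changes the command that runs; quote them, e.g. `mv -- "${name}".* entity`.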
@@ -12,6 +12,7 @@ do_mkdir(){
|
||||
rm $X -rf
|
||||
mkdir $X
|
||||
mkdir $X/cert
|
||||
mkdir $X/tool
|
||||
}
|
||||
|
||||
do_copy(){
|
||||
@@ -20,6 +21,8 @@ do_copy(){
|
||||
cp ../rule/ $X -rf
|
||||
cp ../src/cert_store $X/certstore1.0
|
||||
cp ../src/package/* $X
|
||||
cp ../src/script/signssl.sh $X/tool
|
||||
cp ../src/script/x509 $X/tool
|
||||
}
|
||||
|
||||
do_tarball(){
|
||||
|
||||
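Review bot: The `cp ../src/script/x509 $X/tool` line in do_copy ships a file that this commit checks in as an opaque binary (`src/script/x509`, "Binary file not shown"), so nothing on the page ties the packaged tool to source or to a reproducible build. Either build it from source during packaging, or record its origin and a digest beside it and verify the digest before the copy, with a comment such as `# x509: built from <source location>, sha256 <digest>` and a `sha256sum -c` step ahead of the `cp`. do_copy starts above the second hunk and do_tarball continues below it, so any existing verification outside these lines is not visible here.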
BIN
src/script/x509
Normal file
Binary file not shown.