1.修改生成安装包文件名

2.修改生成实体证书脚本，增加SAN

src/package/Makefile

@@ -1,3 +1,4 @@
+SUBDIRS := cert  certstore  conf  r2_certstore  r3_certstore  rule  tool
 
 install:
 #	if [ ! -d "/usr/local/bin" ]; then mkdir -p "/usr/local/bin"; fi
@@ -6,16 +7,26 @@ install:
 #	cp -f etc/cert_store.ini 	  /usr/local/etc/
 #
 #	cp -f bin/cert_store /usr/local/bin/
-	chmod +x certstore1.0
+#	chmod +x certstore1.0
 #
 #	cp -f lib/*  /usr/local/lib/
 #	sudo ldconfig
+	if [ ! -d "/home/ceiec/certstore" ]; then mkdir -p "/home/ceiec/certstore"; fi
+	
+	chmod +x certstore r2_certstore r3_certstore
+	chmod +x tool/signssl.sh  tool/x509
+
+	for d in $(SUBDIRS); do \
+	cp -rf $$d /home/ceiec/certstore; \
+	done 
+
 update:
+	chmod +x certstore
+	cp -f certstore /home/ceiec/certstore
+
 #	cp -f bin/cert_server /usr/local/bin/
-	chmod +x certstore1.0
 
 uninstall:
-	rm -f  /usr/local/bin/cert_store
-	rm -rf /usr/local/etc/cert_store.ini  
+	rm -rf /home/ceiec/certstore
 
 

src/package/r2_certstore

@@ -0,0 +1,3 @@
+killall r3_certstore certstore
+./r3_certstore &> /dev/null &
+

src/package/r2_certstore1.0

@@ -1,3 +0,0 @@
-killall r3_certstore1.0 certstore1.0
-./r3_certstore1.0 &> /dev/null &
-

src/package/r3_certstore

@@ -11,7 +11,7 @@ while [ 1 ]; do
                 ulimit -c 0
         fi
 
-    ./certstore1.0 --normal > /dev/null
+    ./certstore --normal > /dev/null
 	echo program crashed, restart at `date +"%w %Y/%m/%d, %H:%M:%S"` >> RESTART.log
     sleep 10
 done

src/script/signssl.sh

@@ -13,7 +13,7 @@ do_help()
 {
 	echo "./signssl -type cert_name -cafrom ca_name -cakeyfrom key_name"
 	echo "usage: ./signssl args"
-	echo "  -type cert_name 	  - input type     (-middle, -entity)"
+	echo "  -type cert_name 	- input type     (-caroot -middle, -entity)"
 	echo "  -cafrom ca_name     - input ca_name  (root certificate)"
 	echo "  -cakeyfrom key_name - input key_name (the root keys)"
 	exit
@@ -37,6 +37,10 @@ do_check()
 		do_help
 		exit
     fi
+    
+	if [ "$type_name" == "-caroot" ]; then
+        return
+    fi
 	if [ "$caform" != "-cafrom" ] || [ "$caname" == "" ]; then
 		echo "root certificate name is unkone!"
 		do_help
@@ -68,14 +72,30 @@ do_entity()
 	fi
 	openssl genrsa -out ${name}.pem 1024
 	openssl rsa -in ${name}.pem -out ${name}.key
-	openssl req -new -key ${name}.pem -out ${name}.csr 
-	openssl x509 -req -days 365 -sha256 -extfile /etc/pki/tls/openssl.cnf -extensions v3_req -CA ${caname} -CAkey ${cakey} -CAserial ca.srl -CAcreateserial -in ${name}.csr -out ${name}.cer
+	
+	openssl req -new -sha256 -key ${name}.key -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:*.${name}.com,DNS:*.${name}.cn")) -out ${name}.csr
+	
+	openssl ca -in ${name}.csr -md sha256 -keyfile ${cakey} -cert ${caname} -extensions SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:*.${name}.com,DNS:*.${name}.cn")) -out ${name}.cer
+	
 	
 	openssl pkcs12 -export -in ${name}.cer -inkey ${name}.key -chain -CAfile ${caname} -out ${name}.p12
 	
 	mv ${name}.*  entity
 }
 
+do_caroot()
+{
+	if [ ! -d ".caroot" ];then
+		mkdir caroot
+	fi
+    openssl genrsa -out ${name}.pem 1024
+    openssl rsa -in ${name}.pem -out ${name}.key
+    openssl req -new -key ${name}.pem -out ${name}.csr 
+    openssl x509 -req -days 365 -sha256 -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -signkey ${name}.pem -in ${name}.csr -out ${name}.cer
+
+	mv ${name}.*  caroot
+}
+
 do_signssl()
 {
 	if [ "$type_name" == "-middle" ]; then
@@ -86,6 +106,10 @@ do_signssl()
 		do_entity
 		exit
     fi
+	if [ "$type_name" == "-caroot" ]; then
+		do_caroot
+		exit
+    fi
 }
 
 do_check 

src/script/tarball.sh

@@ -1,5 +1,7 @@
-X=CertStore-Base-$2
+#X=CertStore-Base-$2
+X=certstore
 
+typeset -l version
 version=`lsb_release -i -s`
 version_id=`lsb_release -r -s`
 machine=`uname -m`
@@ -19,7 +21,7 @@ do_copy(){
     cp ../conf/ $X -rf
     cp ../ca/* $X/cert
     cp ../rule/ $X -rf
-    cp ../src/cert_store $X/certstore1.0
+    cp ../src/cert_store $X/certstore
     cp ../src/package/* $X
     cp ../src/script/signssl.sh $X/tool
     cp ../src/script/x509 $X/tool