1.修改生成安装包文件名
2.修改生成实体证书脚本,增加SAN
This commit is contained in:
fengweihao
@@ -13,7 +13,7 @@ do_help()
|
||||
{
|
||||
echo "./signssl -type cert_name -cafrom ca_name -cakeyfrom key_name"
|
||||
echo "usage: ./signssl args"
|
||||
echo " -type cert_name - input type (-middle, -entity)"
|
||||
echo " -type cert_name - input type (-caroot -middle, -entity)"
|
||||
echo " -cafrom ca_name - input ca_name (root certificate)"
|
||||
echo " -cakeyfrom key_name - input key_name (the root keys)"
|
||||
exit
|
||||
@@ -37,6 +37,10 @@ do_check()
|
||||
do_help
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ "$type_name" == "-caroot" ]; then
|
||||
return
|
||||
fi
|
||||
if [ "$caform" != "-cafrom" ] || [ "$caname" == "" ]; then
|
||||
echo "root certificate name is unkone!"
|
||||
do_help
|
||||
@@ -68,14 +72,30 @@ do_entity()
|
||||
fi
|
||||
openssl genrsa -out ${name}.pem 1024
|
||||
openssl rsa -in ${name}.pem -out ${name}.key
|
||||
openssl req -new -key ${name}.pem -out ${name}.csr
|
||||
openssl x509 -req -days 365 -sha256 -extfile /etc/pki/tls/openssl.cnf -extensions v3_req -CA ${caname} -CAkey ${cakey} -CAserial ca.srl -CAcreateserial -in ${name}.csr -out ${name}.cer
|
||||
|
||||
openssl req -new -sha256 -key ${name}.key -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:*.${name}.com,DNS:*.${name}.cn")) -out ${name}.csr
|
||||
|
||||
openssl ca -in ${name}.csr -md sha256 -keyfile ${cakey} -cert ${caname} -extensions SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:*.${name}.com,DNS:*.${name}.cn")) -out ${name}.cer
|
||||
|
||||
|
||||
openssl pkcs12 -export -in ${name}.cer -inkey ${name}.key -chain -CAfile ${caname} -out ${name}.p12
|
||||
|
||||
mv ${name}.* entity
|
||||
}
|
||||
|
||||
do_caroot()
|
||||
{
|
||||
if [ ! -d ".caroot" ];then
|
||||
mkdir caroot
|
||||
fi
|
||||
openssl genrsa -out ${name}.pem 1024
|
||||
openssl rsa -in ${name}.pem -out ${name}.key
|
||||
openssl req -new -key ${name}.pem -out ${name}.csr
|
||||
openssl x509 -req -days 365 -sha256 -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -signkey ${name}.pem -in ${name}.csr -out ${name}.cer
|
||||
|
||||
mv ${name}.* caroot
|
||||
}
|
||||
|
||||
do_signssl()
|
||||
{
|
||||
if [ "$type_name" == "-middle" ]; then
|
||||
@@ -86,6 +106,10 @@ do_signssl()
|
||||
do_entity
|
||||
exit
|
||||
fi
|
||||
if [ "$type_name" == "-caroot" ]; then
|
||||
do_caroot
|
||||
exit
|
||||
fi
|
||||
}
|
||||
|
||||
do_check
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
X=CertStore-Base-$2
|
||||
#X=CertStore-Base-$2
|
||||
X=certstore
|
||||
|
||||
typeset -l version
|
||||
version=`lsb_release -i -s`
|
||||
version_id=`lsb_release -r -s`
|
||||
machine=`uname -m`
|
||||
@@ -19,7 +21,7 @@ do_copy(){
|
||||
cp ../conf/ $X -rf
|
||||
cp ../ca/* $X/cert
|
||||
cp ../rule/ $X -rf
|
||||
cp ../src/cert_store $X/certstore1.0
|
||||
cp ../src/cert_store $X/certstore
|
||||
cp ../src/package/* $X
|
||||
cp ../src/script/signssl.sh $X/tool
|
||||
cp ../src/script/x509 $X/tool
|
||||
|
||||
Reference in New Issue
Block a user