Created
November 19, 2021 19:03
ssl_tools
| [ ca ] | |
| default_ca = CA_default | |
| [ CA_default ] | |
| default_md = sha256 | |
| [ v3_ca ] | |
| subjectKeyIdentifier=hash | |
| authorityKeyIdentifier=keyid:always,issuer | |
| basicConstraints = critical,CA:true | |
| [ req ] | |
| distinguished_name = req_distinguished_name | |
| [ req_distinguished_name ] | |
| countryName = HK | |
| countryName_default = HK | |
| countryName_min = 2 | |
| countryName_max = 2 | |
| stateOrProvinceName = stoN | |
| stateOrProvinceName_default = stoN | |
| localityName = locN | |
| localityName_default = locN | |
| 0.organizationName = orgN | |
| 0.organizationName_default = orgN | |
| # we can do this but it is not needed normally :-) | |
| #1.organizationName = Second Organization Name (eg, company) | |
| #1.organizationName_default = World Wide Web Pty Ltd | |
| organizationalUnitName = oruN | |
| organizationalUnitName_default = oruN | |
| commonName = comN | |
| commonName_default = comN | |
| commonName_max = 64 | |
| emailAddress = admin@emaA.com | |
| emailAddress_default = admin@emaA.com | |
| emailAddress_max = 64 |
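#!/bin/bash
# Abort on the first failing command.
# xtrace (-x) is deliberately left off: this script assigns and uses the CA key
# passphrase, and a command trace would copy it to stderr, where it ends up in
# terminal scrollback or CI logs.
set -e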
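#######################################
# Print a status message in bold yellow, with a blank line before it.
# Arguments: $1 - message text
# Outputs:   the coloured message on stdout
#######################################
Echo_c() {
  # printf interprets the escapes in its format string; bash's builtin echo
  # prints "\033" and "\n" literally unless it is given -e. The message is
  # passed through %s so backslashes or % signs inside it are never interpreted.
  printf '\033[1;33m\n%s\n\033[0m\n' "$1"
}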
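#######################################
# Produce a random 10-character lowercase hexadecimal token.
# Outputs: the token followed by a newline on stdout
# Returns: the exit status of `openssl rand`
#######################################
Rand_Name() {
  # Five random bytes printed as hex give the same 10-hex-character shape as
  # the former `rand | md5sum | cut` pipeline. Without the pipeline, a failing
  # openssl is no longer masked: md5sum of empty input would otherwise yield
  # the same fixed token on every run.
  openssl rand -hex 5
}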
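# Passphrase used by Gen_Cert when it creates the CA key: all command-line
# arguments joined with the first character of IFS (a space by default).
# NOTE(review): command-line arguments are visible to other local users through
# the process list and are stored in shell history; reading the passphrase from
# a file or a prompt would avoid both.
passwd="$*"
# The passphrase is intentionally not echoed back: printing a secret puts it in
# terminal scrollback and in any captured build or CI log.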
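#######################################
# Create a self-signed CA (4096-bit RSA key, 7300-day SHA-256 certificate) with
# a randomised subject, working in the current directory.
# Globals:   passwd (read); SHELL_FOLDER and the subject variables
#            stateOrProvinceName, localityName, organizationName,
#            organizationalUnitName, commonName, emailAddress (written)
# Inputs:    ./openssl.cnf.env - config template holding the placeholders
#            stoN, locN, orgN, oruN, comN and emaA
# Outputs:   ./openssl.cnf, ./ca.key.pem (UNENCRYPTED private key), ./ca.pem;
#            progress messages on stdout, errors on stderr
# Returns:   1 if the passphrase is empty or the template is missing
#######################################
Gen_Cert() {
  local prev_umask
  SHELL_FOLDER=$(pwd)

  # Validate the inputs before touching anything on disk.
  if [[ -z "$passwd" ]]; then
    printf '%s\n' "Gen_Cert: a passphrase argument is required" >&2
    return 1
  fi
  if [[ ! -f "$SHELL_FOLDER/openssl.cnf.env" ]]; then
    printf '%s\n' "Gen_Cert: template $SHELL_FOLDER/openssl.cnf.env not found" >&2
    return 1
  fi

  # Remove only the artefacts of a previous run. Deleting and recreating the
  # whole working directory (`rm -rf "$(pwd)"`) would also destroy the
  # openssl.cnf.env template copied below and every unrelated file next to it.
  rm -f -- \
    "$SHELL_FOLDER"/openssl.cnf \
    "$SHELL_FOLDER"/ca.key.pem \
    "$SHELL_FOLDER"/ca.key.pem.tmp \
    "$SHELL_FOLDER"/ca.pem \
    "$SHELL_FOLDER"/.rnd

  Echo_c "Generate $SHELL_FOLDER/.rnd random file"
  openssl rand -writerand "$SHELL_FOLDER"/.rnd

  Echo_c "Generate random name"
  stateOrProvinceName=$(Rand_Name)
  localityName=$(Rand_Name)
  organizationName=$(Rand_Name)
  organizationalUnitName=$(Rand_Name)
  commonName=$(Rand_Name)
  emailAddress=$(Rand_Name)

  Echo_c "Generate CA certificate"
  cp -- "$SHELL_FOLDER"/openssl.cnf.env "$SHELL_FOLDER"/openssl.cnf
  # Fill in the template placeholders. The replacement values come from
  # Rand_Name; they are interpolated into the sed program, so they must never
  # contain "/", "&" or backslashes.
  sed -i \
    -e "s/stoN/$stateOrProvinceName/g" \
    -e "s/locN/$localityName/g" \
    -e "s/orgN/$organizationName/g" \
    -e "s/oruN/$organizationalUnitName/g" \
    -e "s/comN/$commonName/g" \
    -e "s/emaA/$emailAddress/g" \
    "$SHELL_FOLDER"/openssl.cnf

  # generate CA's key
  # Restrict permissions while private-key files are created so they are not
  # readable by other users, whatever the caller's umask is.
  prev_umask=$(umask)
  umask 077
  # The passphrase is fed on stdin rather than as `pass:...` on the command
  # line, which would expose it in the process list and in any xtrace output.
  openssl genrsa -aes256 -passout stdin \
    -out "$SHELL_FOLDER"/ca.key.pem 4096 <<<"$passwd"
  # NOTE(review): this step strips the encryption again, so ca.key.pem ends up
  # UNENCRYPTED on disk and the passphrase gives no protection at rest. It is
  # kept because later tooling may expect a passphrase-less key; to keep the CA
  # key encrypted, drop this step and the mv, and give `openssl req` a -passin.
  openssl rsa -passin stdin -in "$SHELL_FOLDER"/ca.key.pem \
    -out "$SHELL_FOLDER"/ca.key.pem.tmp <<<"$passwd"
  mv -- "$SHELL_FOLDER"/ca.key.pem.tmp "$SHELL_FOLDER"/ca.key.pem
  umask "$prev_umask"

  # -subj supplies the whole subject, so the distinguished-name prompts of the
  # config are not used. v3_ca marks the certificate as a CA.
  # NOTE(review): the v3_ca section shown with this script sets no keyUsage and
  # no pathlen constraint — consider adding them to openssl.cnf.env if this CA
  # is used for more than testing.
  openssl req -config "$SHELL_FOLDER"/openssl.cnf -key "$SHELL_FOLDER"/ca.key.pem -new -x509 -days 7300 -sha256 -extensions v3_ca -out "$SHELL_FOLDER"/ca.pem -subj "/C=HK/ST=$stateOrProvinceName/L=$localityName/O=$organizationName/OU=$organizationalUnitName/CN=$commonName/emailAddress=admin@$emailAddress.com"

  rm -f -- "$SHELL_FOLDER"/.rnd
  Echo_c "Configuration complete"
}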
# Entry point: generate the CA in the current directory. Because of `set -e`,
# a failure inside Gen_Cert aborts the script with a non-zero status.
Gen_Cert