
Shell script implementation to generate SSL self-signed certificate

2025-01-28 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

This article presents a shell script that generates a self-signed SSL certificate. The implementation code is given directly and contains many comments, so readers who need it can use it as a reference.

After mod_ssl is enabled for Apache, a certificate is required for it to function properly. I wrote a script to handle this. The first step is to make sure that openssl is already installed on the machine.

The code is as follows:

#!/bin/sh
#
# The root directory for the SSL certificate output.
sslOutputRoot="/etc/apache_ssl"
if [ $# -eq 1 ]; then
    sslOutputRoot=$1
fi
if [ ! -d "${sslOutputRoot}" ]; then
    mkdir -p "${sslOutputRoot}"
fi

cd "${sslOutputRoot}" || exit 1

echo "Starting to create the CA root certificate ..."
#
# Create the CA root certificate, which is later used to sign the certificate
# for the server. If the certificate is signed by a commercial CA such as
# Verisign or Thawte, you do not need to create the root certificate yourself.
# Instead, paste the contents of the server csr file generated later into a
# web form, pay the signing fee and wait for the signed certificate.
# For more information about commercial CAs, see:
# Verisign - http://digitalid.verisign.com/server/apacheNotice.htm
# Thawte Consulting - http://www.thawte.com/certs/server/request.html
# CertiSign Certificadora Digital Ltda. - http://www.certisign.com.br
# IKS GmbH - http://www.iks-jena.de/produkte/ca/
# Uptime Commerce Ltd. - http://www.uptimecommerce.com
# BelSign NV/SA - http://www.belsign.be

# Generate the CA root certificate private key
openssl genrsa -des3 -out ca.key 1024

# Generate the CA root certificate
# Fill in the fields as prompted, but note that Common Name is preferably a
# valid root domain name (such as zeali.net), and it must not be exactly the
# same as the Common Name filled in for the server certificate signing request
# later. Otherwise the following error appears when the certificate is generated:
# error 18 at 0 depth lookup:self signed certificate
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
echo "CA root certificate created."

echo "Starting to generate the server certificate signing request and private key ..."
#
# Generate the server private key
openssl genrsa -des3 -out server.key 1024
# Generate the server certificate signing request file. Common Name should
# preferably be the full domain name that will use the certificate
# (for example, security.zeali.net)
openssl req -new -key server.key -out server.csr
ls -altrh "${sslOutputRoot}"/server.*
echo "Server certificate signing request and private key generated."

echo "Starting to sign the server certificate signing request with the CA root certificate ..."
#
# Sign the server certificate and generate the server.crt file
# See http://www.faqs.org/docs/securing/chap24sec195.html
#  sign.sh START
#
#  Sign a SSL Certificate Request (CSR)
#  Copyright © 1998-1999 Ralf S. Engelschall, All Rights Reserved.
#

CSR=server.csr

case $CSR in
*.csr ) CERT="`echo $CSR | sed -e 's/\.csr/.crt/'`" ;;
* ) CERT="$CSR.crt" ;;
esac

# Make sure environment exists
if [ ! -d ca.db.certs ]; then
    mkdir ca.db.certs
fi
if [ ! -f ca.db.serial ]; then
    echo '01' > ca.db.serial
fi
if [ ! -f ca.db.index ]; then
    cp /dev/null ca.db.index
fi

# Create an own SSLeay config
# If you need to modify the validity period of the certificate, modify the
# default_days parameter below.
# The current setting is 10 years.
cat > ca.config
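
A non-interactive variant of the same steps (CA key and root certificate, server key and CSR, signing, verification), added here as an example and not part of the article's script. It assumes unencrypted 2048-bit RSA keys instead of the script's passphrase-protected 1024-bit ones, signs with `openssl x509 -req` rather than a `ca.config` file, and adds a subjectAltName; the function name `make_signed_cert` and the file `server.ext` are hypothetical.

```sh
#!/bin/sh
# Added example, not the article's script.
# Usage: make_signed_cert OUTDIR CA_CN SERVER_CN
# Assumption: keys are written unencrypted so the run needs no passphrase prompt.
make_signed_cert() {
    out=$1; ca_cn=$2; srv_cn=$3

    # The article warns that identical Common Names for the CA and the server
    # lead to "error 18 at 0 depth lookup", so refuse that input up front.
    if [ "$ca_cn" = "$srv_cn" ]; then
        echo "CA and server Common Name must differ" >&2
        return 2
    fi

    mkdir -p "$out" || return 1
    (
        cd "$out" || exit 1
        umask 077    # private keys readable by the owner only

        # CA private key and self-signed root certificate (365 days, as in the article)
        openssl genrsa -out ca.key 2048 2>/dev/null || exit 1
        openssl req -new -x509 -sha256 -days 365 -key ca.key \
            -subj "/CN=$ca_cn" -out ca.crt || exit 1

        # Server private key and certificate signing request
        openssl genrsa -out server.key 2048 2>/dev/null || exit 1
        openssl req -new -sha256 -key server.key \
            -subj "/CN=$srv_cn" -out server.csr || exit 1

        # Current browsers match the host name against subjectAltName, not Common Name
        printf 'subjectAltName=DNS:%s\n' "$srv_cn" > server.ext

        # Sign the CSR with the CA key; -CAcreateserial writes the serial file ca.srl
        openssl x509 -req -sha256 -days 365 -in server.csr \
            -CA ca.crt -CAkey ca.key -CAcreateserial \
            -extfile server.ext -out server.crt 2>/dev/null || exit 1

        # Exit status of the function: 0 only if the chain verifies against the CA
        openssl verify -CAfile ca.crt server.crt >/dev/null
    )
}

# Example call with the article's sample names:
# make_signed_cert ./apache_ssl_demo zeali.net security.zeali.net
```

Because the keys are not passphrase-protected, restrict access to the output directory before pointing Apache at `server.key`.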
