hktaskin/sertifika_uretme.sh

## sertifika_uretme.sh
#!/bin/bash
# CA icin private key uret
sudo openssl genrsa -out ca.key 2048
# CA sertifikasini selfsigned olarak olustur
echo "------------------------------------------"
echo "         CA SERTIFIKA OLUSTURMA           "
echo "------------------------------------------"
sudo openssl req -new -x509 -key ca.key -out ca.crt
# Uygulama icin private key uret
sudo openssl genrsa -out cert1.key 2048
# Uygulama icin sertifika istegi (CSR) uret
echo "------------------------------------------"
echo "       UYGULAMA SERTIFIKA OLUSTURMA       "
echo "------------------------------------------"
sudo openssl req -new -key cert1.key -out cert1.csr
# CA key'i ile uygulama sertifika istegini isleme al ve CA imzali uygulama sertifikasini olustur.
sudo openssl x509 -req -in cert1.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out cert1.crt
# X509v3 Subject Alternative Name alanini guncelleyerek CA imzali uygulama sertifikasini olustur.
sudo openssl x509 -req -extfile <(printf "subjectAltName=DNS:[FQDN]") -days 365 -in cert1.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out cert1.crt
# Sertifika icerigini goruntule
# openssl x509 -in cert1.crt -text -noout
# CA sertifikasi ve cert1 key ve sertifikasini p12 formatinda kaydet
echo "------------------------------------------"
echo "         JAVA KEYSTORE OLUSTURMA          "
echo "            Password: changeme            "
echo "------------------------------------------"
sudo openssl pkcs12 -export -in cert1.crt -inkey cert1.key -out cert1.p12 -name cert1 -certfile ca.crt
# Java keystore olustur ve icine uygulama sertifikasi cert1'i ekle.
sudo keytool -importkeystore -srcstorepass changeme -srckeystore cert1.p12 -srcstoretype PKCS12 -deststorepass changeme -destkeystore keystore.jks -alias cert1
# Java keystore'a CA sertifikasini ekle ve guvenilir olmasini sec. uyari ekraninda yes yazilmali
sudo keytool -import -alias root -keystore keystore.jks -storepass changeme -trustcacerts -file ca.crt
sudo cp keystore.jks truststore.jks
echo "------------------------------------------"
echo "                  BITTI                   "
echo "------------------------------------------"
	#!/bin/bash
	# CA icin private key uret
	sudo openssl genrsa -out ca.key 2048
	# CA sertifikasini selfsigned olarak olustur
	echo "------------------------------------------"
	echo " CA SERTIFIKA OLUSTURMA "
	echo "------------------------------------------"
	sudo openssl req -new -x509 -key ca.key -out ca.crt
	# Uygulama icin private key uret
	sudo openssl genrsa -out cert1.key 2048
	# Uygulama icin sertifika istegi (CSR) uret
	echo "------------------------------------------"
	echo " UYGULAMA SERTIFIKA OLUSTURMA "
	echo "------------------------------------------"
	sudo openssl req -new -key cert1.key -out cert1.csr
	# CA key'i ile uygulama sertifika istegini isleme al ve CA imzali uygulama sertifikasini olustur.
	sudo openssl x509 -req -in cert1.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out cert1.crt
	# X509v3 Subject Alternative Name alanini guncelleyerek CA imzali uygulama sertifikasini olustur.
	sudo openssl x509 -req -extfile <(printf "subjectAltName=DNS:[FQDN]") -days 365 -in cert1.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out cert1.crt
	# Sertifika icerigini goruntule
	# openssl x509 -in cert1.crt -text -noout
	# CA sertifikasi ve cert1 key ve sertifikasini p12 formatinda kaydet
	echo "------------------------------------------"
	echo " JAVA KEYSTORE OLUSTURMA "
	echo " Password: changeme "
	echo "------------------------------------------"
	sudo openssl pkcs12 -export -in cert1.crt -inkey cert1.key -out cert1.p12 -name cert1 -certfile ca.crt
	# Java keystore olustur ve icine uygulama sertifikasi cert1'i ekle.
	sudo keytool -importkeystore -srcstorepass changeme -srckeystore cert1.p12 -srcstoretype PKCS12 -deststorepass changeme -destkeystore keystore.jks -alias cert1
	# Java keystore'a CA sertifikasini ekle ve guvenilir olmasini sec. uyari ekraninda yes yazilmali
	sudo keytool -import -alias root -keystore keystore.jks -storepass changeme -trustcacerts -file ca.crt
	sudo cp keystore.jks truststore.jks
	echo "------------------------------------------"
	echo " BITTI "
	echo "------------------------------------------"