lingsamuel/gen_cert.sh

## gen_cert.sh
#!/bin/bash
set -ex

DIR="certs" # 证书存放目录
DAYS=365 # 有效期

ORG_NAME=${ORG_NAME:-"ORG_NAME"}
ORG_UNIT=${ORG_UNIT:-"ORG_UNIT"}
CA_CN=${CA_CN:-"CA_CN"}
USER_CN=${USER_CN:-"USER_CN"}

# parameter: output_filename subj
gen_root() {
    local CONFIG="
    [req]
    distinguished_name=dn
    [ dn ]
    [ ext ]
    basicConstraints=CA:TRUE
    subjectAltName=$DOMAIN_SUBJ_ALT_NAME
    "

    openssl req -config <(echo "$CONFIG") -new -newkey rsa:4096 -nodes \
    -subj "$2" -x509 -days ${DAYS} -extensions ext -keyout ${DIR}/$1.key -out ${DIR}/$1.pem
}

# parameter: output_filename subj ca_filename
gen_intermediate() {
    CONFIG="
    [req]
    distinguished_name=dn
    [ dn ]
    [ ext ]
    basicConstraints=CA:TRUE,pathlen:10
    subjectAltName=$DOMAIN_SUBJ_ALT_NAME
    "

    openssl genrsa -out ${DIR}/$1.key 4096
    openssl req -config <(echo "$CONFIG") -key ${DIR}/$1.key -new -out ${DIR}/$1.req -subj "$2"
    openssl x509 -days ${DAYS} -req -in ${DIR}/$1.req -out ${DIR}/$1.pem -CAkey ${DIR}/$3.key -CA ${DIR}/$3.pem -CAcreateserial -req -extfile <(echo "$CONFIG") -extensions ext
}

# parameter: output_filename subj ca_filename
gen_user() {
    local CONFIG="
    [req]
    distinguished_name=dn
    [ dn ]
    [ ext ]
    basicConstraints=CA:FALSE
    subjectAltName=$DOMAIN_SUBJ_ALT_NAME
    "

    openssl genrsa -out ${DIR}/$1.key 4096
    openssl req -config <(echo "$CONFIG") -key ${DIR}/$1.key -new -out ${DIR}/$1.req -subj "$2"
    openssl x509 -days ${DAYS} -req -in ${DIR}/$1.req -out ${DIR}/$1.pem -CAkey ${DIR}/$3.key -CA ${DIR}/$3.pem -CAcreateserial -req -extfile <(echo "$CONFIG") -extensions ext
}

mkdir -p "$DIR"
CA_SUBJ="/C=CN/ST=Zhejiang/L=Hangzhou/O=${ORG_NAME}/OU=${ORG_UNIT}/CN=${CA_CN}/emailAddress=${EMAIL}"
gen_root ca "${CA_SUBJ}"

USER_SUBJ="/C=CN/ST=Zhejiang/L=Hangzhou/O=${ORG_NAME}/OU=${ORG_UNIT}/CN=${USER_CN}/emailAddress=${EMAIL}"
gen_user user "${USER_SUBJ}" ca
	#!/bin/bash
	set -ex

	DIR="certs" # 证书存放目录
	DAYS=365 # 有效期

	ORG_NAME=${ORG_NAME:-"ORG_NAME"}
	ORG_UNIT=${ORG_UNIT:-"ORG_UNIT"}
	CA_CN=${CA_CN:-"CA_CN"}
	USER_CN=${USER_CN:-"USER_CN"}

	# parameter: output_filename subj
	gen_root() {
	local CONFIG="
	[req]
	distinguished_name=dn
	[ dn ]
	[ ext ]
	basicConstraints=CA:TRUE
	subjectAltName=$DOMAIN_SUBJ_ALT_NAME
	"

	openssl req -config <(echo "$CONFIG") -new -newkey rsa:4096 -nodes \
	-subj "$2" -x509 -days ${DAYS} -extensions ext -keyout ${DIR}/$1.key -out ${DIR}/$1.pem
	}

	# parameter: output_filename subj ca_filename
	gen_intermediate() {
	CONFIG="
	[req]
	distinguished_name=dn
	[ dn ]
	[ ext ]
	basicConstraints=CA:TRUE,pathlen:10
	subjectAltName=$DOMAIN_SUBJ_ALT_NAME
	"

	openssl genrsa -out ${DIR}/$1.key 4096
	openssl req -config <(echo "$CONFIG") -key ${DIR}/$1.key -new -out ${DIR}/$1.req -subj "$2"
	openssl x509 -days ${DAYS} -req -in ${DIR}/$1.req -out ${DIR}/$1.pem -CAkey ${DIR}/$3.key -CA ${DIR}/$3.pem -CAcreateserial -req -extfile <(echo "$CONFIG") -extensions ext
	}

	# parameter: output_filename subj ca_filename
	gen_user() {
	local CONFIG="
	[req]
	distinguished_name=dn
	[ dn ]
	[ ext ]
	basicConstraints=CA:FALSE
	subjectAltName=$DOMAIN_SUBJ_ALT_NAME
	"

	openssl genrsa -out ${DIR}/$1.key 4096
	openssl req -config <(echo "$CONFIG") -key ${DIR}/$1.key -new -out ${DIR}/$1.req -subj "$2"
	openssl x509 -days ${DAYS} -req -in ${DIR}/$1.req -out ${DIR}/$1.pem -CAkey ${DIR}/$3.key -CA ${DIR}/$3.pem -CAcreateserial -req -extfile <(echo "$CONFIG") -extensions ext
	}

	mkdir -p "$DIR"
	CA_SUBJ="/C=CN/ST=Zhejiang/L=Hangzhou/O=${ORG_NAME}/OU=${ORG_UNIT}/CN=${CA_CN}/emailAddress=${EMAIL}"
	gen_root ca "${CA_SUBJ}"

	USER_SUBJ="/C=CN/ST=Zhejiang/L=Hangzhou/O=${ORG_NAME}/OU=${ORG_UNIT}/CN=${USER_CN}/emailAddress=${EMAIL}"
	gen_user user "${USER_SUBJ}" ca