快速创建网站证书

ssl_crt_build.sh

#!/bin/bash

# 创建签名配置
cat>$1.conf<<EOF
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = MN
localityName = Locality Name (eg, city)
localityName_default = Minneapolis
organizationalUnitName	= Organizational Unit Name (eg, section)
organizationalUnitName_default	= Domain Control Validated
commonName = Internet Widgits Ltd
commonName_max	= 64

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = $1
DNS.2 = *.$1
EOF

# 生成私钥
openssl genrsa -out $1.key 2048

# 创建签名申请
openssl req -new -key $1.key -out $1.csr -subj "/C=/ST=/O=/localityName=/commonName=*.${1}/organizationalUnitName=/emailAddress=/" -config $1.conf -passin pass:

# 创建证书
openssl x509 -req -days 365 -in $1.csr -signkey $1.key -out $1.crt -extensions v3_req -extfile $1.conf

# 创建完成

echo '创建完成, 请将相应的秘钥文件放入nginx, 并且配置相应网站的ssl配置：'
echo "ssl_certificate $1.crt";
echo "ssl_certificate_key $1.key";

exit 0

使用：

$>./ssl_crt_build.sh <key_name>

就会在当前目录创建一套证书需要的文件