Last active
March 17, 2020 02:51
-
-
Save virusdefender/08453418f635222b0080b47582d15570 to your computer and use it in GitHub Desktop.
openssl 创建 CA 然后签发服务器证书 (仅供测试)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -ex | |
company="Chaitin" | |
subj="/C=CN/ST=Beijing/L=Beijing/O=$company Tech/OU=Service Infrastructure Department" | |
domain="vulndb" | |
# Create CA | |
openssl genrsa -out ca.key 2048 | |
openssl req -new -x509 -nodes -sha256 -subj "$subj/CN=$company Root CA" -days 7500 -key ca.key -out ca.crt | |
# Create server certificate csr | |
openssl genrsa -out server.key 2048 | |
openssl req -new -nodes -subj "$subj/CN=$domain" -key server.key -out server.csr | |
# CA signs server certificate | |
openssl x509 -req -sha256 -days 820 -extfile <(printf "subjectAltName=DNS:$domain,DNS:www.$domain\nextendedKeyUsage=serverAuth,clientAuth") -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt | |
cat ca.crt >> server.crt |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://podtech.io/os/mac-osx/chrome-catalina-certificate-issue/