generate_ssl_pem.sh

#!/bin/bash
# author:xijin.c

read -r -p "请输入文件存储目录名: " dir
cd /data
mkdir $dir
cd $dir


# 生成CA key【采用2048字节】
openssl genrsa -out ca.key 2048
# 生成CA 证书【默认3650天】
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -subj "/CN=www.emqx.io" -out ca.pem


read -r -p "请输入服务端ip: " serverIp
openssl genrsa -out server.key 2048
# 注意将IP修改为服务器IP
openssl req -new -key ./server.key -out server.csr -subj "/CN=$serverIp"
openssl x509 -req -in ./server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 3650 -sha256

read -r -p "请输入客户端ip: " clientIp
openssl genrsa -out client.key 2048
#注意将IP修改为客户端IP
openssl req -new -key ./client.key -out client.csr -subj "/CN=$clientIp"
openssl x509 -req -in ./client.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out client.pem -days 3650 -sha256


#将ca.pem 与 client.pem 转化为.crt格式
openssl x509 -outform der -in ca.pem -out ca.crt
openssl x509 -outform der -in client.pem -out client.crt
#将client.key转换为.pem文件【java代码连接需要】
openssl pkcs8 -topk8 -inform PEM -in client.key -outform PEM -nocrypt -out client-key-pkcs8.pem