Created
September 6, 2017 07:40
-
-
Save zhoulifu/de58ca9fecdb2a1d08922d26664c2409 to your computer and use it in GitHub Desktop.
Shell script for generating self-signed certification and exporting a Java keystore file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
_echo() { | |
echo | |
# echo $1 | |
echo $'\e[0;33m'"$1"$'\e[0m' | |
} | |
_check() { | |
[ $1 -eq 0 ] || exit $1 | |
} | |
# create self-signed server certificate: | |
read -p "Enter your domain [www.example.com]: " DOMAIN | |
_echo "Create RSA key..." | |
openssl genrsa -des3 -out $DOMAIN.key 1024 | |
_check $? | |
_echo "Remove password from ${DOMAIN}.key..." | |
mv $DOMAIN.key $DOMAIN.psw.key | |
openssl rsa -in $DOMAIN.psw.key -out $DOMAIN.key | |
_check $? | |
_echo "Make a certificate request..." | |
SUBJECT="/CN=$DOMAIN" | |
openssl req -new -subj $SUBJECT -key $DOMAIN.key -out $DOMAIN.csr | |
_echo "Create self-signed SSL certificate..." | |
openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crt | |
_echo "Format ${DOMAIN}.crt as pkcs12..." | |
openssl pkcs12 -export -in $DOMAIN.crt -inkey $DOMAIN.key -out client.pkcs12 | |
_check $? | |
_echo "Export java keystore file..." | |
keytool -importkeystore -srckeystore client.pkcs12 -destkeystore client.jks -srcstoretype pkcs12 | |
_check $? | |
echo "TODO:" | |
echo "Modify nginx configuration:" | |
echo "server {" | |
echo " ..." | |
echo " listen 443 ssl;" | |
echo " ssl_certificate /path/to/$DOMAIN.crt;" | |
echo " ssl_certificate_key /path/to/$DOMAIN.key;" | |
echo " ..." | |
echo "}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment