Directly on the code
mkdir SSL
CD SSL
mkdir Democa
CD Democa
mkdir Newcerts
mkdir Private
Touch Index.txt
echo ' Serial ' >
function rand () {
Min=$1
max=$ (($2-$min + 1))
num=$ (Date +%s%n)
echo $ (($num% $max + $min))
}
rnd=$ (Rand 10 50)
Echo $rnd
Touch/etc/pki/ca/index.txt
echo $rnd >/etc/pki/ca/serial
casubject= "/c=cn/st=ca/l=ca/o=ca/ou=ca/cn=ca.com"
OpenSSL genrsa-out Ca.key 2048
OpenSSL req-new-x509-subj $CASUBJECT-days 3650-key ca.key-out ca.crt
Cd..
Read-p "Enter your domain [www.example.com]:" Domain
subject= "/c=cn/st=mars/l=51jubao/o=51jubao/ou=51jubao/cn= $DOMAIN"
OpenSSL genrsa-out $DOMAIN. Key 2048
OpenSSL req-new-subj $SUBJECT-key $DOMAIN. Key-out $DOMAIN. CSR
#openssl ca-days 1460-in $DOMAIN. Csr-out $DOMAIN. Crt-cert/root/ssl/democa/ca.crt-keyfile/root/ssl/democa/ca.key
OpenSSL x509-req-sha256-days 1460-in $DOMAIN. Csr-ca/root/ssl/democa/ca.crt-cakey/root/ssl/democa/ca.key- Cacreateserial-out $DOMAIN. CRT
Mkdir-p/usr/local/nginx/ssl
echo "TODO:"
echo "Copy $DOMAIN. CRT to/usr/local/nginx/ssl/$DOMAIN. CRT"
echo "Copy $DOMAIN. Key to/usr/local/nginx/ssl/$DOMAIN. Key"
echo "ADD configuration in Nginx:"
echo "Server {"
echo "..."
echo "Listen 443 SSL;"
echo "ssl_certificate/usr/local/nginx/ssl/$DOMAIN. crt;"
echo "ssl_certificate_key/usr/local/nginx/ssl/$DOMAIN. Key;"
echo "}"
#cp $DOMAIN. crt/usr/local/nginx/ssl/
#cp $DOMAIN. Key/usr/local/nginx/ssl
This article is from "Good Sir 2020" blog, please make sure to keep this source http://fuyuan2016.blog.51cto.com/8678344/1887474
Self-brought CA, sha256 hash signature, 2048-bit encryption script, universal