#!/bin/bash
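set -euo pipefail

# Everything is generated under /tmp/<domain>/ (created below).
cd /tmp

# Refuse to run when invoked via an absolute path. The original assigned
# SCRIPTE_NAME (typo) and matched a *quoted* "regex", which bash compares as a
# literal string, so this check could never fire; the author's stated intent
# is kept. NOTE(review): why absolute paths are rejected is not explained here.
SCRIPT_NAME=$0
if [[ "$SCRIPT_NAME" == /* ]]; then
  echo "Please change execute path"
  exit 1
fi

read -r -p "Please Input Your Domain: " DOMAIN
echo " Your Domain is: $DOMAIN"

# DOMAIN becomes a directory name (mkdir/cd below) and is spliced into the
# openssl -subj strings, so restrict it to hostname characters. This rejects
# an empty answer, a leading '-' or '.', any '/' (which would both escape the
# work directory and inject extra DN components into -subj) and '..'.
readonly DOMAIN_RE='^[A-Za-z0-9][A-Za-z0-9.-]*$'
if [[ ! "$DOMAIN" =~ $DOMAIN_RE ]]; then
  echo "Invalid domain name: must contain only letters, digits, '.' and '-'" >&2
  exit 1
fi

DOMAIN_DIR="$DOMAIN"
# Two separate commands on purpose: in the original `mkdir ... && cd ...`,
# set -e ignores a failing mkdir (it is not the last command of the && list),
# so a re-run for an existing domain silently stayed in /tmp and overwrote
# whatever ca.key / ca.crt were lying there. No -p: an existing directory is
# an error, never a silent overwrite of the previous CA.
mkdir -- "$DOMAIN_DIR"
cd -- "$DOMAIN_DIR"

read -r -p "Create a new CA ?(Y/N): " CA_YES_NO
case "$CA_YES_NO" in
  N)
    # Reusing an existing CA is not implemented: the path is only echoed and
    # the script exits without generating anything.
    read -r -p "Please Input Your CA PATH: " CA_PATH
    echo "good $CA_PATH"
    exit 0
    ;;
  Y)
    echo ""
    ;;
  *)
    echo "Please Input Y/N"
    exit 1
    ;;
esac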
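#######################################
# Create a self-signed CA in the current directory.
# Globals:   none read
# Outputs:   ca.key (private key), ca.csr, ca.crt
# Returns:   non-zero (and aborts under set -e) if any openssl step fails
#######################################
make_ca() {
  # CA private key. Newer OpenSSL builds already create -out private keys
  # with restrictive permissions; the chmod covers older ones, since the
  # work directory lives under /tmp.
  openssl genrsa -out ca.key 2048
  chmod 600 ca.key
  # CA certificate request. The subject is a fixed test identity.
  openssl req -new -key ca.key \
    -subj "/C=CN/ST=ZJ/L=HZ/O=testca.com/OU=testca/CN=testca.com/emailAddress=admin@testca.com" \
    -out ca.csr
  # Self-sign the CA certificate. The original produced a certificate with
  # no X.509v3 extensions at all; strict verifiers (e.g. openssl verify
  # -x509_strict) require basicConstraints CA:TRUE before accepting a
  # certificate as an issuer, so the CA extensions are added explicitly.
  openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt -days 35600 \
    -extfile <(printf '%s\n' \
      'basicConstraints=critical,CA:TRUE' \
      'keyUsage=critical,keyCertSign,cRLSign' \
      'subjectKeyIdentifier=hash')
}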
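#######################################
# Create a server key and a CA-signed server certificate for $DOMAIN.
# Globals:   DOMAIN (read) — must be set by the caller
# Inputs:    prompts for S (single host) or A (wildcard) on stdin
# Outputs:   ${DOMAIN}.key, ${DOMAIN}.csr, ${DOMAIN}.crt, ca.srl (via -CAcreateserial)
# Returns:   exits 2 on an unrecognised S/A answer; non-zero if openssl fails
#######################################
make_server(){
  # Server private key (see make_ca for why the chmod is there).
  openssl genrsa -out "${DOMAIN}.key" 2048
  chmod 600 "${DOMAIN}.key"
  # Server certificate request. Quoting the answer matters: the original
  # `[ $CRT_S_A = "S" ]` turned an empty reply into a `[: unary operator
  # expected` error instead of the intended INPUT ERROR message.
  read -r -p "Single CRT(a.test.com) or all CRT(*.a.test.com) ?(S/A) :" CRT_S_A
  local cn san
  case "$CRT_S_A" in
    S)
      cn=$DOMAIN
      san="DNS:${DOMAIN}"
      ;;
    A)
      # A wildcard does not match the bare apex name, so list both.
      cn="*.${DOMAIN}"
      san="DNS:*.${DOMAIN},DNS:${DOMAIN}"
      ;;
    *)
      echo "INPUT ERROR"
      exit 2
      ;;
  esac
  openssl req -new -key "${DOMAIN}.key" \
    -subj "/C=CN/ST=ZJ/L=HZ/O=test.com/OU=test/CN=${cn}/emailAddress=pritest@test.com" \
    -out "${DOMAIN}.csr"
  # The CA signs the request to produce the server certificate. The original
  # emitted no subjectAltName; current browsers and TLS libraries match the
  # hostname against the SAN only, ignoring CN, so the certificate was
  # rejected for the very name it was issued for. The leaf extensions are
  # supplied via -extfile (CSR extensions are not copied by x509 -req here).
  # Note: -days 36500 is kept from the original; browsers cap leaf validity
  # at 398 days, so shorten it for browser-facing deployments.
  openssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in "${DOMAIN}.csr" -out "${DOMAIN}.crt" -days 36500 \
    -extfile <(printf '%s\n' \
      'basicConstraints=CA:FALSE' \
      'keyUsage=critical,digitalSignature,keyEncipherment' \
      'extendedKeyUsage=serverAuth' \
      "subjectAltName=${san}")
  #openssl rsa -in ${DOMAIN}.key -pubout -out ${DOMAIN}.pem
}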
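#######################################
# Generate the CA, then the server certificate, and report where they are.
# Globals:   DOMAIN (read)
# Outputs:   absolute paths of the generated files on stdout
#######################################
main(){
  make_ca
  make_server
  # Report absolute paths: the work directory is /tmp/<domain>, which the
  # user is never told about, so the original "<domain>/<file>" did not
  # resolve from wherever the script was started.
  echo "服务端证书: $PWD/${DOMAIN}.crt"
  echo "服务证书私钥: $PWD/${DOMAIN}.key"
  echo "CA证书: $PWD/ca.crt"
}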
# Entry point; main takes no arguments, forwarding "$@" is conventional only.
main "$@"