One-Click Certificate Generation

Generating a certificate with OpenSSL

#!/usr/bin/env bash

set -e

# Locate shell script path
SCRIPT_DIR=$(dirname "$0")
if [ "${SCRIPT_DIR}" != '.' ]
then
  cd "${SCRIPT_DIR}"
fi

# Generate RSA private key
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048

# Remove password in the private key
openssl rsa -passin pass:x -in server.pass.key -out server.key
rm -f server.pass.key

# Generate CSR sign request
SUBJ="$1"
openssl req -new -key server.key -out server.csr -subj "$SUBJ"

# Generate CRT signed cert
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Usage, with the script above saved as test.sh:

./test.sh "/C=CN/ST=Guangdong/L=Guangzhou/O=xdevops/OU=xdevops/CN=link.511yao.com"
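
The script above leaves server.key unencrypted on disk and issues a certificate that carries only a CN. The following is an added example, not part of the original page: it creates the key under a restrictive umask, adds a subjectAltName, and checks that the certificate and key belong together. The function names and the sample subject are hypothetical, and -addext / -ext assume OpenSSL 1.1.1 or newer.

```bash
#!/usr/bin/env bash
# Added example, not from the original page; function names are hypothetical.
set -euo pipefail

# gen_selfsigned <subject> <dns-name> <outdir>
gen_selfsigned() {
  local subj="$1" dns="$2" out="$3"
  mkdir -p "$out"
  # Create the key under a restrictive umask so it is never group/world readable.
  ( umask 077; openssl genrsa -out "$out/server.key" 2048 2>/dev/null )
  # -x509 self-signs in one step; -addext (OpenSSL 1.1.1+) adds the SAN
  # that TLS clients match the host name against.
  openssl req -new -x509 -sha256 -days 365 -key "$out/server.key" \
    -subj "$subj" -addext "subjectAltName=DNS:$dns" -out "$out/server.crt"
}

# Succeeds only if the certificate carries the public half of the given key.
cert_matches_key() {
  local a b
  a=$(openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256)
  b=$(openssl pkey -in "$2" -pubout -outform DER | openssl dgst -sha256)
  [ "$a" = "$b" ]
}

# Succeeds only if the certificate lists <dns-name> in subjectAltName.
cert_has_san() {
  local ext
  ext=$(openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null) || return 1
  case "$ext" in *"DNS:$2"*) return 0 ;; *) return 1 ;; esac
}

# Demo with constructed values: run this file with --demo
if [ "${1:-}" = "--demo" ]; then
  dir=$(mktemp -d)
  gen_selfsigned "/C=CN/O=example/CN=test.example" "test.example" "$dir"
  cert_matches_key "$dir/server.crt" "$dir/server.key" && echo "key matches certificate"
  cert_has_san "$dir/server.crt" "test.example" && echo "SAN present"
fi
```
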

Generating certificates with KeyTool

1. Generate the server keystore

keytool -validity 365 -genkey -v -alias server -keyalg RSA -keystore server.keystore -dname "CN=127.0.0.1,OU=soft,O=soft,L=Haidian,ST=Beijing,c=cn" -storepass helloworld -keypass helloworld

2. Generate the client keystore

keytool -validity 365 -genkeypair -v -alias client -keyalg RSA -storetype PKCS12 -keystore client.p12 -dname "CN=client,OU=soft,O=soft,L=Haidian,ST=Beijing,c=cn" -storepass helloworld -keypass helloworld

3. Export the client certificate from the client keystore

keytool -export -v -alias client -keystore client.p12 -storetype PKCS12 -storepass helloworld -rfc -file client.cer

4. Export the server certificate from the server keystore

keytool -export -v -alias server -keystore server.keystore -storepass helloworld -rfc -file server.cer

5. Generate the client truststore (a keystore built from the server certificate)

keytool -import -v -alias server -file server.cer -keystore client.truststore -storepass helloworld

6. Import the client certificate into the server keystore (so that the server trusts the client certificate)

keytool -import -v -alias client -file client.cer -keystore server.keystore -storepass helloworld

7. List all certificates in the keystore

keytool -list -keystore server.keystore -storepass helloworld

8. Convert server.keystore to PKCS12 format

keytool -importkeystore -srckeystore server.keystore -destkeystore server.key.p12 -srcalias server -destalias server -srcstoretype jks -deststoretype pkcs12 -noprompt

keytool -importkeystore -srckeystore client.truststore -destkeystore trust.key.p12 -srcalias server -destalias server -srcstoretype jks -deststoretype pkcs12 -noprompt
