Notes on self-signed certificates

    • Background
    • Tools
    • Automation script
    • Configuration files
      • ca.conf
      • server.conf

Background

This is purely because I need a certificate with a longer validity period.

Tools

  1. Ubuntu
  2. openssl, version 1.1.1-1ubuntu2.1~18.04.15

Automation script

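#!/bin/bash

# Print usage and exit with an error status.
function usage_print() {
	echo "Usage: $1 new <days> | test"
	exit 1
}

# Create a CA and a server certificate signed by it.
# $1: validity period in days, used for both certificates.
function create() {
	echo start!
	keepTime=$1
	echo "$1"
	# CA: 4096-bit key, CSR, then a self-signed certificate
	openssl genrsa -out ca.key 4096
	openssl req -new -sha256 -out ca.csr -key ca.key -config ca.conf
	openssl x509 -req -days "${keepTime}" -in ca.csr -signkey ca.key -out ca.crt
	# Server: 2048-bit key, CSR, then a certificate signed by the CA,
	# with the subjectAltName entries taken from [ req_ext ] in server.conf
	openssl genrsa -out server.key 2048
	openssl req -new -sha256 -out server.csr -key server.key -config server.conf
	openssl x509 -req -days "${keepTime}" -CA ca.crt -CAkey ca.key -CAcreateserial -in server.csr -out server.crt -extensions req_ext -extfile server.conf
	echo success!
}

function main() {
	case $1 in
	new)
		# The validity period is required
		[ -n "$2" ] || usage_print "$0"
		create "$2"
	;;
	test)
		# Serve the new certificate on port 443 for a manual check
		openssl s_server -accept 443 -CAfile ca.crt -verify 1 -cert server.crt -key server.key -www -debug -msg
	;;
	*)
		usage_print "$0"
	;;
	esac
}

main "$@"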

Configuration files

Only two configuration files need to be edited here: ca.conf and server.conf.

ca.conf

[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
countryName = CN
countryName_default = CN
stateOrProvinceName = ChenMing SSL
stateOrProvinceName_default = ChenMing SSL
localityName = ShenZhen
localityName_default = ShenZhen
organizationName = ChenMing
organizationName_default = ChenMing
commonName = APPNAME
commonName_max = 64
commonName_default = APPNAME

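If the customer has no specific requirements, the string values can be filled in freely. The first entry, default_bits, uses 4096 by default.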

server.conf

[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext

[ req_distinguished_name ]
countryName = CN
countryName_default = CN
stateOrProvinceName = ChenMing SSL
stateOrProvinceName_default = ChenMing SSL
localityName = ShenZhen
localityName_default = ShenZhen
organizationName = ChenMing
organizationName_default = ChenMing
commonName = APPNAME
commonName_max = 64
commonName_default = APPNAME

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = a.chenming.com.cn
DNS.2 = b.chenming.com.cn
DNS.3 = *.chenming.com

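Domain name validation is controlled by the [alt_names] section; edit it to list the names the certificate must cover.
The string values above should preferably match those in ca.conf.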
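
To confirm which hostnames an [alt_names] list actually covers, the following added example (not part of the original post) builds a throwaway CA and server certificate in a temporary directory and verifies hostnames against it. The helper names make_demo_certs and host_ok, the file demo.conf, the "Demo Root CA" subject and the 30-day lifetime are assumptions for the demo; the demo CA is created with req -x509 and an explicit CA:TRUE extension instead of the script's x509 -signkey step.

```shell
#!/bin/bash
# Added example: throwaway CA + server cert (constructed sample data), then a
# check of which hostnames the [alt_names] list really covers.

# make_demo_certs DIR (hypothetical helper): writes ca.crt and server.crt to DIR.
make_demo_certs() {
	cat > "$1/demo.conf" <<'EOF'
[ req ]
prompt = no
distinguished_name = dn
req_extensions = req_ext
[ dn ]
CN = APPNAME
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = a.chenming.com.cn
DNS.2 = b.chenming.com.cn
DNS.3 = *.chenming.com
EOF
	(
		cd "$1" || exit 1
		# The CA gets its own subject: a server cert whose subject equals its
		# issuer can be treated as self-signed and then fails chain verification.
		openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
			-days 30 -config demo.conf -extensions v3_ca -subj "/CN=Demo Root CA" &&
		openssl req -new -newkey rsa:2048 -nodes -keyout server.key \
			-out server.csr -config demo.conf &&
		openssl x509 -req -days 30 -CA ca.crt -CAkey ca.key -CAcreateserial \
			-in server.csr -out server.crt -extensions req_ext -extfile demo.conf
	) >/dev/null 2>&1
}

# host_ok CA CERT HOST: true only if CERT chains to CA and its SANs cover HOST.
host_ok() {
	openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Demo: run with the argument "demo" to print the result for constructed names.
if [ "${1:-}" = demo ]; then
	d=$(mktemp -d) && make_demo_certs "$d" || exit 1
	for h in a.chenming.com.cn x.chenming.com x.y.chenming.com chenming.com; do
		host_ok "$d/ca.crt" "$d/server.crt" "$h" && echo "$h: ok" || echo "$h: MISMATCH"
	done
	rm -rf "$d"
fi
```

The wildcard entry covers exactly one label, so neither the bare domain nor a two-level subdomain verifies; list those names explicitly in [alt_names] if clients will use them.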
