dyh
/
DigitalFactory
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
DigitalFactory/docker/nginx/key/ssl.sh

14 lines
1.0 KiB
Bash
Raw Normal View History

初始化
2024-03-18 01:36:19 +00:00
# 生成根证书
openssl genrsa -out admin.com.key 2048
openssl req -x509 -new -nodes -key admin.com.key -subj "/C=US/ST=Utah/L=Lehi/O=ABC Company,Inc./OU=IT/CN=admin.com" -days 5000 -out admin.com.crt
# 生成服务证书请求
openssl genrsa -out abc.admin.com.key 2048
openssl req -new -key abc.admin.com.key -subj "/C=US/ST=Utah/L=Lehi/O=ABC Company,Inc./OU=IT/CN=abc.admin.com" -out abc.admin.com.csr
# 用根证书签发服务器证书
openssl x509 -req -in abc.admin.com.csr -CA admin.com.crt -CAkey admin.com.key -CAcreateserial -out abc.admin.com.crt -days 5000 -extfile <(printf "subjectAltName=IP:127.0.0.1,IP:192.168.1.1,IP:192.168.0.252,DNS:abc.admin.com,DNS:mx.admin.com,DNS:localhost")
# extfile可选可以为服务器证书关联多个IP或者域名
openssl req -x509 -new -nodes -key admin.com.key -sha256 -days 36500 -out admin.com.pem -subj "/C=US/ST=Utah/L=Lehi/O=ABC Company,Inc./OU=IT/CN=admin.com"
openssl x509 -req -in abc.admin.com.csr -CA admin.com.pem -CAkey admin.com.key -CAcreateserial -out abc.admin.com.pem -days 36500 -sha256