自带CA ,sha256 哈希签名,2048 位加密 脚本,通用
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了自带CA ,sha256 哈希签名,2048 位加密 脚本,通用相关的知识,希望对你有一定的参考价值。
直接上代码
mkdir ssl
cd ssl
mkdir demoCA
cd demoCA
mkdir newcerts
mkdir private
touch index.txt
echo ‘01‘ > serial
function rand(){
min=$1
max=$(($2-$min+1))
num=$(date +%s%N)
echo $(($num%$max+$min))
}
rnd=$(rand 10 50)
echo $rnd
touch /etc/pki/CA/index.txt
echo $rnd > /etc/pki/CA/serial
CASUBJECT="/C=CN/ST=CA/L=CA/O=CA/OU=CA/CN=CA.COM"
openssl genrsa -out ca.key 2048
openssl req -new -x509 -subj $CASUBJECT -days 3650 -key ca.key -out ca.crt
cd ..
read -p "Enter your domain [www.example.com]: " DOMAIN
SUBJECT="/C=CN/ST=Mars/L=51jubao/O=51jubao/OU=51jubao/CN=$DOMAIN"
openssl genrsa -out $DOMAIN.key 2048
openssl req -new -subj $SUBJECT -key $DOMAIN.key -out $DOMAIN.csr
#openssl ca -days 1460 -in $DOMAIN.csr -out $DOMAIN.crt -cert /root/ssl/demoCA/ca.crt -keyfile /root/ssl/demoCA/ca.key
openssl x509 -req -sha256 -days 1460 -in $DOMAIN.csr -CA /root/ssl/demoCA/ca.crt -CAkey /root/ssl/demoCA/ca.key -CAcreateserial -out $DOMAIN.crt
mkdir -p /usr/local/nginx/ssl
echo "TODO:"
echo "Copy $DOMAIN.crt to /usr/local/nginx/ssl/$DOMAIN.crt"
echo "Copy $DOMAIN.key to /usr/local/nginx/ssl/$DOMAIN.key"
echo "Add configuration in nginx:"
echo "server {"
echo " ..."
echo " listen 443 ssl;"
echo " ssl_certificate /usr/local/nginx/ssl/$DOMAIN.crt;"
echo " ssl_certificate_key /usr/local/nginx/ssl/$DOMAIN.key;"
echo "}"
#cp $DOMAIN.crt /usr/local/nginx/ssl/
#cp $DOMAIN.key /usr/local/nginx/ssl
本文出自 “好先生2020” 博客,请务必保留此出处http://fuyuan2016.blog.51cto.com/8678344/1887474
以上是关于自带CA ,sha256 哈希签名,2048 位加密 脚本,通用的主要内容,如果未能解决你的问题,请参考以下文章
Python JWT 库 PyJWT 使用 HS256 签名时遇到问题 - 使用 SHA-256 哈希算法的 HMAC