生成SSL证书,只能用于测试

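#!/usr/bin/env bash
#
# Create a self-signed server certificate for TESTING only.
#
# Prompts for a domain and a space-separated list of IP addresses, then
# writes <domain>.key, <domain>.csr and <domain>.crt into the current
# directory. The certificate is signed with its own key, so no client will
# trust it unless it is imported explicitly; do not use it in production.
#
# The script uses arrays, here-strings and `read -p`, which are bash
# features, so it must run under bash rather than a POSIX /bin/sh.

set -euo pipefail

# `|| true` keeps the defaults usable when stdin is closed (read returns
# non-zero on EOF, which would otherwise abort under `set -e`).
read -r -p "Enter your domain [www.example.com]: " DOMAIN || true
read -r -p "Enter IP address(es) separated by spaces [127.0.0.1]: " IPS || true

# Defaults
DOMAIN=${DOMAIN:-www.example.com}
IPS=${IPS:-127.0.0.1}

# DOMAIN is interpolated into the OpenSSL config and into output file names.
# Restrict it to hostname characters (plus '*' for wildcard names) so it
# cannot contain '/', '$' or other characters that would alter the config
# or escape the current directory.
domain_re='^[A-Za-z0-9*._-]+$'
if [[ ! $DOMAIN =~ $domain_re ]]; then
  printf 'Invalid domain name: %s\n' "$DOMAIN" >&2
  exit 1
fi

# Build the config in a private temporary file instead of ./openssl.cnf, so
# an existing openssl.cnf in the working directory is never overwritten, and
# remove it on every exit path.
cnf=$(mktemp "${TMPDIR:-/tmp}/openssl.cnf.XXXXXX")
trap 'rm -f -- "$cnf"' EXIT

cat <<EOF > "$cnf"
[req]
prompt = no
distinguished_name = req_distinguished_name
req_extensions = v3_req

[req_distinguished_name]
C = US
ST = Mars
L = iTranswarp
O = iTranswarp
OU = iTranswarp
CN = $DOMAIN

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = $DOMAIN
EOF

# Append each IP address to the alt_names section. The counter must start
# at 1: left unset, the first entry would be written as "IP. = ...".
IFS=' ' read -ra ADDR <<< "$IPS"
i=1
for ip in "${ADDR[@]}"; do
  printf 'IP.%d = %s\n' "$i" "$ip" >> "$cnf"
  i=$((i + 1))
done

echo "Create server key..."

# Create the private key with owner-only permissions; the subshell keeps the
# tighter umask from affecting the CSR and certificate files.
(
  umask 077
  openssl genrsa -out "$DOMAIN.key" 2048
)

echo "Create server certificate signing request..."

openssl req -config "$cnf" -new -key "$DOMAIN.key" -out "$DOMAIN.csr"

echo "Sign SSL certificate..."

# `openssl x509 -req` does not copy extensions from the CSR, so the
# subjectAltName entries have to be supplied again via -extfile/-extensions;
# without them the certificate carries no SAN and clients that ignore the
# CN reject it.
openssl x509 -req -sha256 -days 3650 \
  -in "$DOMAIN.csr" -signkey "$DOMAIN.key" \
  -extfile "$cnf" -extensions v3_req \
  -out "$DOMAIN.crt"

# The suggested nginx snippet enables only TLS 1.2 and 1.3; TLS 1.0 and 1.1
# are deprecated (RFC 8996). TLSv1.3 needs an nginx/OpenSSL build that
# supports it; drop it from the list on older installations.
cat <<EOF
TODO:
Copy ${DOMAIN}.crt to /etc/nginx/ssl/${DOMAIN}.crt
Copy ${DOMAIN}.key to /etc/nginx/ssl/${DOMAIN}.key
Add configuration in nginx:
server {
    listen 443 ssl;
    server_name ${DOMAIN};
    ssl_certificate     /etc/nginx/ssl/${DOMAIN}.crt;
    ssl_certificate_key /etc/nginx/ssl/${DOMAIN}.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;
}
EOF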