建立 genHttpsCert.sh 檔案並插入以下內容。
執行方式 sh genHttpsCert.sh [ip1,ip2……ipn]
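#!/bin/bash
# Generate server, client and consul TLS key pairs and certificates, signed by a
# CA whose key and certificate (ca.key / ca.cer) must already exist in ./ssl.
# Usage: bash genHttpsCert.sh [ip ...]  — every IP given is added as an IP SAN.
#
# Abort on the first failing command: a missing CA file or a failed key
# generation must not silently produce a partial key set.
set -e

# Directory containing this script; all output goes to the ssl/ subdirectory.
cur_dir=$(cd "$(dirname "$0")" && pwd)
ssl_dir="$cur_dir/ssl"
# -p so that re-running the script on an existing output directory works.
mkdir -p "$ssl_dir"

# OpenSSL request configs (deleted again at the end of the script).
caConf="$ssl_dir/ca.cnf"
consulConf="$ssl_dir/consul.cnf"
serverConf="$ssl_dir/server.cnf"
clientConf="$ssl_dir/client.cnf"
# Private keys (passphrase protected).
caKey="$ssl_dir/ca.key"
consulKey="$ssl_dir/consul.key"
serverKey="$ssl_dir/server.key"
clientKey="$ssl_dir/client.key"
# Certificate signing requests (deleted again at the end of the script).
caCsr="$ssl_dir/ca.csr"
consulCsr="$ssl_dir/consul.csr"
serverCsr="$ssl_dir/server.csr"
clientCsr="$ssl_dir/client.csr"
# Issued certificates.
caCer="$ssl_dir/ca.cer"
consulCer="$ssl_dir/consul.cer"
serverCer="$ssl_dir/server.cer"
clientCer="$ssl_dir/client.cer"
# PKCS#12 bundles (key + cert + CA chain).
caP12="$ssl_dir/ca.p12"
caTrustP12="$ssl_dir/ca_.p12"
consulP12="$ssl_dir/consul.p12"
serverP12="$ssl_dir/server.p12"
clientP12="$ssl_dir/client.p12"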
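#######################################
# Write the OpenSSL request config for the CA certificate to $caConf.
# The [ v3_req ] section (CA:TRUE, cRLSign/keyCertSign) is meant to be
# passed back as -extfile/-extensions when the CA certificate is issued.
# Globals:   caConf (read)
# Outputs:   the config file
# NOTE: RFC 5280 requires basicConstraints to be marked critical on CA
# certificates; this template leaves it non-critical.
#######################################
genCaCnf() {
  local str
  str="[req]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[req_distinguished_name]\ncountryName = Country Name (2 letter code)\ncountryName_default = CN\nstateOrProvinceName = State or Province Name (full name)\nstateOrProvinceName_default = GD\nlocalityName = Locality Name (eg, city)\nlocalityName_default = SZ\norganizationalUnitName = Organizational Unit Name (eg, section)\norganizationalUnitName_default = audaque\ncommonName = ca\ncommonName_max = 64\n[ v3_req ]\nbasicConstraints = CA:TRUE\nkeyUsage = cRLSign,keyCertSign"
  # %b expands the \n escapes of the template; the expansion is quoted so the
  # bracketed section names are never treated as glob patterns.
  printf '%b\n' "$str" > "$caConf"
}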
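#######################################
# Write the OpenSSL request config for the client (mTLS) certificate to
# $clientConf. [ v3_req ] restricts the certificate to clientAuth.
# Globals:   clientConf (read)
# Outputs:   the config file
#######################################
genClientCnf() {
  local str
  str="[req]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[req_distinguished_name]\ncountryName = Country Name (2 letter code)\ncountryName_default = CN\nstateOrProvinceName = State or Province Name (full name)\nstateOrProvinceName_default = GD\nlocalityName = Locality Name (eg, city)\nlocalityName_default = SZ\norganizationalUnitName = Organizational Unit Name (eg, section)\norganizationalUnitName_default = audaque\ncommonName = client\ncommonName_max = 64\n[ v3_req ]\n# Extensions to add to a certificate request\nextendedKeyUsage = clientAuth\nkeyUsage = digitalSignature,keyEncipherment"
  # %b expands the \n escapes of the template; the expansion is quoted so the
  # bracketed section names are never treated as glob patterns.
  printf '%b\n' "$str" > "$clientConf"
}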
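#######################################
# Write the OpenSSL request config for the server certificate to $serverConf.
# [alt_names] holds the fixed DNS SANs below plus one IP SAN per address
# passed in; addresses may be separated by whitespace or commas, so the
# documented "ip1,ip2" form works as well as "ip1 ip2".
# Globals:   serverConf (read)
# Arguments: $@ - IP addresses to add as IP.n SANs (may be empty)
# Outputs:   the config file; diagnostics on stderr
# Returns:   0 on success, 1 if an argument is not a plausible IP address
#######################################
genServerCnf() {
  local -a domains=(audaque.com audaque1.com audaque2.com www.audaqueproxy.com)
  local -a ips=()
  local str domain ip i
  str="[req]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[req_distinguished_name]\ncountryName = Country Name (2 letter code)\ncountryName_default = CN\nstateOrProvinceName = State or Province Name (full name)\nstateOrProvinceName_default = GD\nlocalityName = Locality Name (eg, city)\nlocalityName_default = SZ\norganizationalUnitName = Organizational Unit Name (eg,section)\norganizationalUnitName_default = audaque\ncommonName = server\ncommonName_max = 64\n[ v3_req ]\n# Extensions to add to a certificate request\nextendedKeyUsage = serverAuth\nkeyUsage = digitalSignature,keyEncipherment\nsubjectAltName = @alt_names\n[alt_names]\n"
  i=1
  for domain in "${domains[@]}"; do
    str+="DNS.${i}=${domain}\n"
    i=$((i + 1))
  done
  # Split the arguments on commas as well as whitespace; read -a does not glob.
  read -r -a ips <<<"${*//,/ }"
  i=1
  for ip in "${ips[@]}"; do
    # The template is expanded with %b, so a backslash or newline inside an
    # argument could inject extra config directives. Only IPv4/IPv6 characters
    # are accepted (a loose sanity check, not full address parsing).
    if [[ ! "$ip" =~ ^[0-9A-Fa-f.:]+$ ]]; then
      printf 'genServerCnf: invalid IP address %q\n' "$ip" >&2
      return 1
    fi
    str+="IP.${i}=${ip}\n"
    i=$((i + 1))
  done
  printf '%b\n' "$str" > "$serverConf"
}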
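#######################################
# Write the OpenSSL request config for the consul certificate to $consulConf.
# The certificate is usable for both serverAuth and clientAuth; [alt_names]
# holds the fixed DNS SANs below plus one IP SAN per address passed in
# (whitespace- or comma-separated).
# Globals:   consulConf (read)
# Arguments: $@ - IP addresses to add as IP.n SANs (may be empty)
# Outputs:   the config file; diagnostics on stderr
# Returns:   0 on success, 1 if an argument is not a plausible IP address
#######################################
genConsulCnf() {
  local -a domains=(adq-msp server.adq-msp.consul audaque.com audaque1.com audaque2.com www.audaqueproxy.com)
  local -a ips=()
  local str domain ip i
  str="[req]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[req_distinguished_name]\ncountryName = Country Name (2 letter code)\ncountryName_default = CN\nstateOrProvinceName = State or Province Name (full name)\nstateOrProvinceName_default = GD\nlocalityName = Locality Name (eg, city)\nlocalityName_default = SZ\norganizationalUnitName = Organizational Unit Name (eg, section)\norganizationalUnitName_default = audaque\ncommonName = consul_server\ncommonName_max = 64\n[ v3_req ]\n# Extensions to add to a certificate request\nextendedKeyUsage = serverAuth,clientAuth\nkeyUsage = digitalSignature,keyEncipherment\nsubjectAltName = @alt_names\n[alt_names]\n"
  # The DNS entries come only from the loop below; the old stray
  # "DNS.1=$domain" line emitted a leftover/empty value ahead of the list.
  i=1
  for domain in "${domains[@]}"; do
    str+="DNS.${i}=${domain}\n"
    i=$((i + 1))
  done
  # Split the arguments on commas as well as whitespace; read -a does not glob.
  read -r -a ips <<<"${*//,/ }"
  i=1
  for ip in "${ips[@]}"; do
    # The template is expanded with %b, so a backslash or newline inside an
    # argument could inject extra config directives. Only IPv4/IPv6 characters
    # are accepted (a loose sanity check, not full address parsing).
    if [[ ! "$ip" =~ ^[0-9A-Fa-f.:]+$ ]]; then
      printf 'genConsulCnf: invalid IP address %q\n' "$ip" >&2
      return 1
    fi
    str+="IP.${i}=${ip}\n"
    i=$((i + 1))
  done
  printf '%b\n' "$str" > "$consulConf"
}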
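# ---- request configs ------------------------------------------------------
#genCaCnf
genClientCnf
genServerCnf "$@"
genConsulCnf "$@"

# The CA itself is not generated here (see the commented lines below): the
# signing steps need an existing CA key and certificate in the ssl directory,
# so fail early with a clear message instead of letting every openssl x509
# call error out.
if [[ ! -f "$caKey" || ! -f "$caCer" ]]; then
  printf 'missing CA material: %s and %s must already exist\n' "$caKey" "$caCer" >&2
  exit 1
fi

# Key passphrases. They are handed to openssl through env: rather than pass:
# so they do not appear in the process argument list (ps, set -x traces).
# The defaults keep the historical values; override with SSL_KEY_PASS /
# SSL_CA_PASS in the environment.
: "${SSL_KEY_PASS:=audaque@123}"
: "${SSL_CA_PASS:=$SSL_KEY_PASS}"
export SSL_KEY_PASS SSL_CA_PASS

# ---- private keys ---------------------------------------------------------
#openssl genrsa -out $caKey -aes256 -passout pass:Audaque@123 3072
# umask 077 in a subshell: key files must not be group/world readable, while
# the certificates generated later keep the normal umask.
(
  umask 077
  openssl genrsa -out "$serverKey" -aes256 -passout env:SSL_KEY_PASS 3072
  openssl genrsa -out "$clientKey" -aes256 -passout env:SSL_KEY_PASS 3072
  openssl genrsa -out "$consulKey" -aes256 -passout env:SSL_KEY_PASS 3072
)
# used by the OEM build
#openssl genpkey -out $caKey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -pass pass:Audaque@123
#openssl genpkey -out $serverKey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -pass pass:Audaque@123
#openssl genpkey -out $clientKey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -pass pass:Audaque@123
#openssl genpkey -out $consulKey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -pass pass:Audaque@123

# ---- certificates ---------------------------------------------------------
#openssl req -new -key $caKey -passin pass:Audaque@123 -out $caCsr -config $caConf -subj /C=cn/ST=gd/L=sz/O=audaque/OU=audaque/CN=ca/emailAddress=adqcloud@audaque.com
#openssl x509 -sha256 -req -in $caCsr -signkey $caKey -passin pass:Audaque@123 -out $caCer -days 3650 -extfile $caConf -extensions v3_req
# -subj overrides the commonName defaults from the config; the v3_req section
# of each config is applied as the certificate's extensions (SANs, EKU).
openssl req -new -key "$serverKey" -passin env:SSL_KEY_PASS -out "$serverCsr" -config "$serverConf" -subj /C=cn/ST=gd/L=sz/O=audaque/OU=audaque/CN=server/emailAddress=adqcloud@audaque.com
openssl x509 -sha256 -req -CA "$caCer" -CAkey "$caKey" -passin env:SSL_CA_PASS -CAcreateserial -in "$serverCsr" -out "$serverCer" -days 3650 -extfile "$serverConf" -extensions v3_req
openssl req -new -key "$clientKey" -passin env:SSL_KEY_PASS -out "$clientCsr" -config "$clientConf" -subj /C=cn/ST=gd/L=sz/O=audaque/OU=audaque/CN=client/emailAddress=adqcloud@audaque.com
openssl x509 -sha256 -req -CA "$caCer" -CAkey "$caKey" -passin env:SSL_CA_PASS -CAcreateserial -in "$clientCsr" -out "$clientCer" -days 3650 -extfile "$clientConf" -extensions v3_req
openssl req -new -key "$consulKey" -passin env:SSL_KEY_PASS -out "$consulCsr" -config "$consulConf" -subj /C=cn/ST=gd/L=sz/O=audaque/OU=audaque/CN=consul/emailAddress=adqcloud@audaque.com
openssl x509 -sha256 -req -CA "$caCer" -CAkey "$caKey" -passin env:SSL_CA_PASS -CAcreateserial -in "$consulCsr" -out "$consulCer" -days 3650 -extfile "$consulConf" -extensions v3_req

# ---- PKCS#12 bundles ------------------------------------------------------
# The bundles contain the private keys, so they get the same restrictive mode.
(
  umask 077
  openssl pkcs12 -export -in "$serverCer" -inkey "$serverKey" -passin env:SSL_KEY_PASS -out "$serverP12" -name server -CAfile "$caCer" -caname ca -passout env:SSL_KEY_PASS
  openssl pkcs12 -export -in "$clientCer" -inkey "$clientKey" -passin env:SSL_KEY_PASS -out "$clientP12" -name client -CAfile "$caCer" -caname ca -passout env:SSL_KEY_PASS
  openssl pkcs12 -export -in "$consulCer" -inkey "$consulKey" -passin env:SSL_KEY_PASS -out "$consulP12" -name consul -CAfile "$caCer" -caname ca -passout env:SSL_KEY_PASS
)
#openssl pkcs12 -export -in $caCer -inkey $caKey -passin pass:Audaque@123 -out $caP12 -name ca -passout pass:Audaque@123
#/data/adqcloud/jre/bin/keytool -import -alias ca -trustcacerts -file $caCer -storetype PKCS12 -storepass Audaque@123 -keystore $caTrustP12 -noprompt

# ---- cleanup --------------------------------------------------------------
# Remove the request configs, CSRs and the CA serial file; keys, certificates
# and bundles stay. ${ssl_dir:?} aborts instead of expanding to "/".
rm -f -- "${ssl_dir:?}"/*.cnf "${ssl_dir:?}"/*.csr "${ssl_dir:?}"/*.srl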