echo "########generate server key pair"
keytool -genkeypair -alias $SERVER_NAME_JKS -validity 3650 -keyalg RSA -keysize 2048 -keypass changeit -storepass changeit -keystore $SERVER_NAME_JKS.jks
echo "########generate server csr"
keytool -certreq -alias $SERVER_NAME_JKS -sigalg SHA256withRSA -file $SERVER_NAME_JKS.csr -keypass changeit -storepass changeit -keystore $SERVER_NAME_JKS.jks
echo "########generate server cert"
openssl ca -in $SERVER_NAME_JKS.csr -out $SERVER_NAME_JKS.crt -cert $CA_NAME.crt -keyfile $CA_NAME.key -notext -config openssl.cnf
如果要启用V3,或者颁发给某个IP
先修改openssl配置文件 openssl.cnf
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:TRUE
subjectAltName = @alt_names
[alt_names]
IP.1 = 59.56.XX.XX
再调用命令
openssl ca -in $SERVER_NAME_JKS.csr -out $SERVER_NAME_JKS.crt -cert $CA_NAME.crt -keyfile $CA_NAME.key -extensions v3_req -notext -config openssl.cnf
echo "########import ca cert to jks"
keytool -importcert -v -trustcacerts -alias $CA_NAME -file $CA_NAME.crt -storepass changeit -keystore $SERVER_NAME_JKS.jks
echo "########import server cert to jks"
keytool -importcert -v -alias $SERVER_NAME_JKS -file $SERVER_NAME_JKS.crt -storepass changeit -keystore $SERVER_NAME_JKS.jks
echo "########view jks"
keytool -list -v -keystore $SERVER_NAME_JKS.jks
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
