linux openssl ca证书管理脚本:
#!/bin/bash
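# Certificate validity in days. Defaults to 7300 and is overridden by the
# second command-line argument whenever one is supplied
# (./ca.sh init <days>, ./ca.sh sign <days> <prefix>).
days=7300
if [[ $# -ge 2 ]]; then
  # The value is later passed to openssl as -days, so accept only a positive
  # integer and fail early with a clear message otherwise.
  if [[ ! $2 =~ ^[1-9][0-9]*$ ]]; then
    printf 'invalid days value: %s\n' "$2" >&2
    exit 255
  fi
  days=$2
fi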
#######################################
# Print the command synopsis and two example invocations.
# Arguments: none
# Outputs:   five lines of help text on stdout
# Returns:   does not return; terminates the script with status 255
#######################################
usage() {
  printf '%s\n' \
    "./ca.sh init days" \
    "./ca.sh sign days prefix" \
    "for example" \
    "./ca.sh init 7300" \
    "./ca.sh sign 7300 user"
  exit 255
}
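#######################################
# Create the ./demoCA directory layout and a self-signed root CA certificate.
# Globals:   days (read) - validity of the CA certificate in days
# Arguments: none
# Outputs:   openssl prompts interactively for the key passphrase and the
#            certificate subject fields
# Returns:   0 on success; non-zero if a CA key already exists or a step fails
#######################################
init() {
  local ca_dir=./demoCA
  local ca_key=$ca_dir/private/cakey.pem

  # Re-running init would overwrite the CA private key and reset the serial
  # counter to 01, so certificates issued earlier would no longer chain to
  # the CA and new ones would reuse serial numbers. Refuse instead.
  if [[ -e "$ca_key" ]]; then
    printf 'init: %s already exists, refusing to overwrite the CA key\n' \
      "$ca_key" >&2
    return 1
  fi

  mkdir -p "$ca_dir/private" "$ca_dir/newcerts" || return
  # Only the owner should be able to enter the directory holding the CA key.
  chmod 700 "$ca_dir/private" || return
  touch "$ca_dir/index.txt" || return
  echo 01 > "$ca_dir/serial" || return

  # The umask is set in a subshell so the key file is created owner-only
  # without changing the umask of the rest of the script.
  # NOTE(review): the 2048-bit RSA size is kept from the original; given the
  # default 7300-day lifetime a larger key (e.g. 4096) is worth considering.
  ( umask 077 && openssl genrsa -aes256 -out "$ca_key" 2048 ) || return
  openssl req -new -x509 -days "$days" -key "$ca_key" \
    -out "$ca_dir/cacert.pem"
}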
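#######################################
# Generate a passphrase-protected RSA key and a CSR for <prefix>, then have
# the CA sign the request. All files are written to a new directory <prefix>/.
# Globals:   days (read) - validity of the issued certificate in days
# Arguments: $1 - prefix; used as the directory name and as the file-name stem
# Outputs:   <prefix>/<prefix>_key.pem, _req.pem and _cert.pem; openssl
#            prompts interactively for passphrases and subject fields
# Returns:   exits 254 on an invalid prefix or when the directory cannot be
#            created; otherwise the status of the first failing openssl step,
#            or 0 on success
#######################################
sign() {
  local prefix=$1

  # The prefix becomes a path component and a command argument: reject values
  # that are empty, would be parsed as an option, or would leave the current
  # directory.
  if [[ -z "$prefix" || "$prefix" == -* || "$prefix" == */* ]]; then
    printf 'invalid prefix: %s\n' "$prefix" >&2
    exit 254
  fi

  # mkdir without -p fails if the directory exists, which keeps an earlier
  # key/certificate for the same prefix from being overwritten.
  if ! mkdir -- "$prefix"; then
    echo "mkdir error"
    exit 254
  fi

  local key=$prefix/${prefix}_key.pem
  local req=$prefix/${prefix}_req.pem
  local cert=$prefix/${prefix}_cert.pem

  # Key size is given explicitly (matching init) instead of relying on the
  # installed openssl's default; the subshell umask keeps the key owner-only.
  ( umask 077 && openssl genrsa -aes256 -out "$key" 2048 ) || return
  # -days has no effect on a plain CSR (it only applies with -x509), so the
  # requested validity is passed to the signing step below instead.
  openssl req -new -key "$key" -out "$req" || return
  # NOTE(review): relies on the openssl configuration in effect pointing at
  # the ./demoCA tree created by init - confirm on the target system.
  openssl ca -days "$days" -in "$req" -out "$cert"
}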
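# Dispatch on the sub-command given as the first argument.
case "${1:-}" in
  init)
    init
    ;;
  sign)
    # sign requires exactly three arguments: sign <days> <prefix>
    if [[ $# -ne 3 ]]; then
      usage
    fi
    sign "$3"
    ;;
  *)
    # A missing or unknown sub-command used to fall through silently with
    # status 0; show the synopsis instead (usage exits with 255).
    usage
    ;;
esac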