Skip to content

Instantly share code, notes, and snippets.

@godoway

godoway/genera_ca.md

Created May 6, 2024 03:59
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save godoway/88830e9b229570ce7f04d5502bfdfda9 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save godoway/88830e9b229570ce7f04d5502bfdfda9 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
genera_ca.md

生成ca:

#!/bin/sh
IP=$(echo $1)
echo "[req]
default_bits  = 2048
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = CN
stateOrProvinceName = Guangdong
localityName = aaa
organizationName = abcd
commonName = abcd
[v3_req]
basicConstraints = CA:TRUE
" > root.cnf

openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout rootCA.key -out rootCA.crt -config root.cnf

rm root.cnf

用ca签名

IP=$(echo $1)
echo "
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
IP.1 = $IP
" > cert.cnf
openssl genrsa -out myCA.key 2048

openssl req -new -key myCA.key -out myCA.csr -subj "/C=CN/ST=Guangdong/L=aaa/O=abcd"

openssl x509 -req -in myCA.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out myCA.crt -days 730 -sha256 -extfile cert.cnf

rm cert.cnf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment