shell脚本
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
| #!/bin/sh
# create self-signed server certificate:
read -p "Enter your domain [www.example.com]: " DOMAIN
echo "Create server key..."
openssl genrsa -des3 -out $DOMAIN.key 2048
echo "Create server certificate signing request..."
SUBJECT="/C=CN/ST=ZHEJIANG/L=HANGZHOU/O=qinghuazs/OU=qinghuazs/CN=$DOMAIN"
openssl req -new -subj $SUBJECT -key $DOMAIN.key -out $DOMAIN.csr
echo "Remove password..."
mv $DOMAIN.key $DOMAIN.origin.key
openssl rsa -in $DOMAIN.origin.key -out $DOMAIN.key
echo "Sign SSL certificate..."
openssl x509 -req -days 36500 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crt
#echo "TODO:"
#echo "Copy $DOMAIN.crt to /var/nginx/ssl/$DOMAIN.crt"
#echo "Copy $DOMAIN.key to /var/nginx/ssl/$DOMAIN.key"
#echo "Add configuration in nginx:"
#echo "server {"
#echo " ..."
#echo " listen 443 ssl;"
#echo " ssl_certificate /etc/nginx/ssl/$DOMAIN.crt;"
#echo " ssl_certificate_key /etc/nginx/ssl/$DOMAIN.key;"
#echo "}"
|
注意
DOMAIN需要是服务器IP对应的域名,否则证书不生效