#!/bin/bash
# ANSI colour sequences used for status output. They are stored as literal
# backslash text and only become escape codes when printed with `echo -e`.
RED_COLOR='\033[0;31m'
NO_COLOR='\033[0m'
GREEN='\033[32m\033[01m'
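#######################################
# Create a private CA and a CA-signed server certificate in /opt/ssl for this
# host's public IPv4 address.
# Globals:   servername (written), RED_COLOR, GREEN, NO_COLOR (read)
# Outputs:   ca.key, ca.crt, server.key, server.csr, server.crt and
#            my-openssl.cnf in /opt/ssl; prints ca.crt and a status line
# Returns:   0 on success, 1 if the address lookup or any openssl step fails
# Notes:     leaves the working directory at /opt/ssl, as before.
#            ca.key is stored unencrypted next to the server key; whoever can
#            read it can issue certificates that every client trusting ca.crt
#            will accept, so move it off the host once the server certificate
#            has been signed.
#######################################
create_ssl(){
  mkdir -p /opt/ssl || return 1
  cd /opt/ssl || return 1

  # The address is reported by a third-party service and ends up in the
  # certificate subject and SAN, so it is treated as untrusted input: an empty
  # reply, an error page or anything that is not a dotted quad is rejected
  # before it reaches openssl.
  servername=$(curl -4 -s -f https://ip.nekocat.cn)
  local ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  if [[ ! "$servername" =~ $ipv4_re ]]; then
    echo -e "${RED_COLOR} 未能获取有效的公网 IPv4 地址,证书未生成${NO_COLOR}" >&2
    return 1
  fi

  # Quoted delimiter: the template is written verbatim, with no shell expansion.
  cat > my-openssl.cnf << 'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
x509_extensions = usr_cert
[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
string_mask = utf8only
[ req_distinguished_name ]
[ req_attributes ]
[ usr_cert ]
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = CA:true
EOF

  # Both private keys are generated under a restrictive umask so they are
  # owner-readable only (recent OpenSSL releases are understood to do this on
  # their own; the explicit umask covers older ones). A service that reads
  # server.key as a non-root user needs access granted deliberately.
  # The address is passed to printf as an argument, never as part of the
  # format string. The steps are chained so that a failure stops the run
  # instead of reporting success over missing or stale files.
  if ! {
    ( umask 077 && openssl genrsa -out ca.key 2048 ) &&
    openssl req -x509 -new -nodes -key ca.key -subj "/CN=${servername}" -days 5000 -out ca.crt &&
    ( umask 077 && openssl genrsa -out server.key 2048 ) &&
    openssl req -new -sha256 -key server.key \
      -subj "/C=CN/ST=yanglc/L=yanglc/O=igewu.org/CN=${servername}" \
      -reqexts SAN \
      -config <(cat my-openssl.cnf; printf '\n[SAN]\nsubjectAltName=DNS:%s,IP:%s\n' "$servername" "$servername") \
      -out server.csr &&
    openssl x509 -req -days 365 -sha256 \
      -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
      -extfile <(printf 'subjectAltName=DNS:%s,IP:%s\n' "$servername" "$servername") \
      -out server.crt
  }; then
    echo -e "${RED_COLOR} 自签名证书生成失败${NO_COLOR}" >&2
    return 1
  fi

  # The CA certificate is public; clients import it to trust server.crt.
  cat /opt/ssl/ca.crt

  echo -e "${GREEN} 自签名证书已成功生成!${NO_COLOR}"
}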
#######################################
# Delete the certificate directory together with every key and certificate
# stored in it (this includes the CA private key).
# Returns: exit status of rm
#######################################
uninstall_ssl() {
  local -r cert_dir=/opt/ssl
  rm -r -- "${cert_dir}"
}
#######################################
# Report where the generated files live, then print the server certificate
# followed by the server private key.
# NOTE(review): the private key is written to stdout in clear text, so it can
# end up in terminal scrollback, session recordings or captured logs; run
# this only on a trusted console.
# Outputs: three fixed banner lines plus the contents of server.crt and
#          server.key
# Returns: exit status of the final cat
#######################################
ssl_info() {
  local -r cert_dir=/opt/ssl
  printf '%s\n' "证书在/opt/ssl文件夹下"
  printf '%s\n' "你的证书为:"
  cat "${cert_dir}/server.crt"
  printf '%s\n' "你的密钥为:"
  cat "${cert_dir}/server.key"
}
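#######################################
# Interactive main menu: show the options, read one choice and dispatch it.
# The menu is shown again after every action and ends on option 0 (exits the
# script) or on an invalid choice (prints an error and returns).
# Globals:   GREEN, NO_COLOR, RED_COLOR (read)
# Returns:   1 after an invalid choice; option 0 exits the script with 0
#######################################
menu() {
  local menu_num
  # A loop replaces the earlier self-recursion, so a long session no longer
  # nests one call per action.
  while true; do
    echo -e "—————————————— 自签证书一键脚本 ——————————————"
    echo -e "\t---authored by yanglc---"
    # The colour variables defined by this script are GREEN and NO_COLOR; the
    # previously used Green/Plain were never set and expanded to nothing.
    echo -e "${GREEN}0.${NO_COLOR} 退出 "
    echo -e "${GREEN}1.${NO_COLOR} 生成自签证书 "
    echo -e "${GREEN}2.${NO_COLOR} 删除自签证书 "
    echo -e "${GREEN}3.${NO_COLOR} 查看证书信息 "

    read -rp "请输入数字:" menu_num
    case "$menu_num" in
      0)
        exit 0
        ;;
      1)
        create_ssl
        ;;
      2)
        uninstall_ssl
        ;;
      3)
        ssl_info
        ;;
      *)
        # No `red` helper exists in this script, so the message is printed
        # directly. Returning here also ends the loop on end-of-input.
        echo -e "${RED_COLOR}请输入正确的数字${NO_COLOR}" >&2
        return 1
        ;;
    esac
  done
}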
# Entry point: show the interactive menu as soon as the script is run.
menu