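#!/bin/bash
# Interactive helper that creates a private CA and a CA-signed server
# certificate under /opt/ssl, and can show or delete them again.
#
# Files written to /opt/ssl by option 1:
#   my-openssl.cnf  request configuration
#   ca.key, ca.crt  CA private key and self-signed CA certificate
#   server.key      server private key
#   server.csr      certificate signing request
#   server.crt      server certificate signed by ca.key
#
# Requires: bash, curl, openssl, and write access to /opt.

RED_COLOR="\033[0;31m"
NO_COLOR="\033[0m"
GREEN="\033[32m\033[01m"
readonly SSL_DIR="/opt/ssl"

#######################################
# Print a message in red on stderr.
# Globals:   RED_COLOR, NO_COLOR (read)
# Arguments: message words
#######################################
red() {
  echo -e "${RED_COLOR}$*${NO_COLOR}" >&2
}

#######################################
# Generate the CA and the server certificate in SSL_DIR.
# The certificate names are taken from the address reported by
# https://ip.nekocat.cn for this host.
# Globals:   SSL_DIR, GREEN, NO_COLOR (read)
# Outputs:   prints ca.crt and a status line
# Returns:   0 on success, 1 if any step fails
#######################################
create_ssl() {
  local servername san
  local -r ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

  mkdir -p "${SSL_DIR}" || return 1
  # Stop here if the directory is unusable; otherwise the key material
  # would be written into whatever directory the script was started from.
  cd "${SSL_DIR}" || return 1

  # The response of the lookup service is untrusted input: it ends up in
  # the certificate subject and in OpenSSL configuration text. Accept it
  # only if it has dotted-quad shape, so that an empty reply, an error
  # page, or a reply containing newlines or '/' never reaches openssl.
  # (Octet ranges are left to openssl, which rejects an invalid IP: value.)
  servername=$(curl -4 -fsS --max-time 10 https://ip.nekocat.cn) || servername=""
  if [[ ! "${servername}" =~ ${ipv4_re} ]]; then
    red "获取服务器 IP 失败,证书未生成"
    return 1
  fi

  # The IP: entry is the one clients match an IP literal against; the
  # DNS: entry is kept from the original script.
  san="subjectAltName=DNS:${servername},IP:${servername}"

  # Quoted delimiter: the configuration is literal text, nothing expands.
  cat > my-openssl.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
x509_extensions = usr_cert
[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
string_mask = utf8only
[ req_distinguished_name ]
[ req_attributes ]
[ usr_cert ]
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = CA:true
EOF

  # Private keys are created under umask 077 and chmod'ed afterwards, so
  # they are never readable by other local users, including when an older
  # key file with wider permissions is being overwritten.
  # The values are passed to printf as arguments, never as the format.
  if ! {
    (umask 077 && openssl genrsa -out ca.key 2048) \
      && openssl req -x509 -new -nodes -key ca.key \
        -subj "/CN=${servername}" -days 5000 -out ca.crt \
      && (umask 077 && openssl genrsa -out server.key 2048) \
      && openssl req -new -sha256 -key server.key \
        -subj "/C=CN/ST=yanglc/L=yanglc/O=igewu.org/CN=${servername}" \
        -reqexts SAN \
        -config <(cat my-openssl.cnf <(printf '\n[SAN]\n%s\n' "${san}")) \
        -out server.csr \
      && openssl x509 -req -days 365 -sha256 \
        -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -extfile <(printf '%s\n' "${san}") \
        -out server.crt \
      && chmod 600 ca.key server.key
  }; then
    red "证书生成失败,请检查 openssl 输出"
    return 1
  fi

  # NOTE(review): ca.key stays on disk unencrypted. Any client that trusts
  # ca.crt will accept every certificate signed with that key, so move it
  # off the host or delete it if no further certificates will be issued.
  cat "${SSL_DIR}/ca.crt"
  echo -e "${GREEN} 自签名证书已成功生成!${NO_COLOR}"
}

#######################################
# Delete SSL_DIR with all keys and certificates in it.
# Globals:   SSL_DIR (read)
#######################################
uninstall_ssl() {
  rm -r -- "${SSL_DIR}"
}

#######################################
# Print the server certificate and the server private key.
# Globals:   SSL_DIR (read)
# Outputs:   certificate and key in PEM form on stdout
#######################################
ssl_info() {
  echo "证书在/opt/ssl文件夹下"
  echo "你的证书为:"
  cat "${SSL_DIR}/server.crt"
  # NOTE(review): this writes the private key to the terminal, where it can
  # end up in scrollback, session recordings or captured output. Treat the
  # key as exposed if this is run in a shared or logged session.
  echo "你的密钥为:"
  cat "${SSL_DIR}/server.key"
}

#######################################
# Show the menu, read one choice and dispatch it. Options 1-3 return to
# the menu afterwards; an invalid choice prints an error and ends the run.
# Globals:   GREEN, NO_COLOR (read)
#######################################
menu() {
  local menu_num

  echo -e "—————————————— 自签证书一键脚本 ——————————————"
  echo -e "\t---authored by yanglc---"
  echo -e "${GREEN}0.${NO_COLOR} 退出 "
  echo -e "${GREEN}1.${NO_COLOR} 生成自签证书 "
  echo -e "${GREEN}2.${NO_COLOR} 删除自签证书 "
  echo -e "${GREEN}3.${NO_COLOR} 查看证书信息 "
  read -rp "请输入数字:" menu_num
  case "${menu_num}" in
    0)
      exit 0
      ;;
    1)
      create_ssl
      menu
      ;;
    2)
      uninstall_ssl
      menu
      ;;
    3)
      ssl_info
      menu
      ;;
    *)
      red "请输入正确的数字"
      ;;
  esac
}

menu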