Trang chủ Khám phá Trợ giúp
Đăng nhập
mirrors
/
rathole
mirror of https://github.com/rapiz1/rathole
1
0
Fork 0
Các tập tin Các vấn đề 0 Wiki
Tree: 9727e15377
Branches Tags
rathole
/
examples
/
tls
/
create_self_signed_cert.sh

create_self_signed_cert.sh 1.2 KB
Lịch sử Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. #!/bin/sh
    2. 

  2. 

  3. # create CA 
    4. 

  4. openssl req -x509 \
    5. 

  5.             -sha256 -days 356 \
    6. 

  6.             -nodes \
    7. 

  7.             -newkey rsa:2048 \
    8. 

  8.             -subj "/CN=MyOwnCA/C=US/L=San Fransisco" \
    9. 

  9.             -keyout rootCA.key -out rootCA.crt 
    10. 

  10. 

  11. # create server private key
    12. 

  12. openssl genrsa -out server.key 2048
    13. 

  13. 

  14. # create certificate signing request (CSR)
    15. 

  15. cat > csr.conf <<EOF
    16. 

  16. [ req ]
    17. 

  17. default_bits = 2048
    18. 

  18. prompt = no
    19. 

  19. default_md = sha256
    20. 

  20. req_extensions = req_ext
    21. 

  21. distinguished_name = dn
    22. 

  22. 

  23. [ dn ]
    24. 

  24. C = US
    25. 

  25. ST = California
    26. 

  26. L = San Fransisco
    27. 

  27. O = Someone
    28. 

  28. OU = Someone
    29. 

  29. CN = localhost
    30. 

  30. 

  31. [ req_ext ]
    32. 

  32. subjectAltName = @alt_names
    33. 

  33. 

  34. [ alt_names ]
    35. 

  35. DNS.1 = localhost
    36. 

  36. EOF
    37. 

  37. 

  38. openssl req -new -key server.key -out server.csr -config csr.conf
    39. 

  39. 

  40. # create server cert
    41. 

  41. cat > cert.conf <<EOF
    42. 

  42. authorityKeyIdentifier=keyid,issuer
    43. 

  43. basicConstraints=CA:FALSE
    44. 

  44. keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    45. 

  45. subjectAltName = @alt_names
    46. 

  46. 

  47. [alt_names]
    48. 

  48. DNS.1 = localhost
    49. 

  49. EOF
    50. 

  50. 

  51. openssl x509 -req \
    52. 

  52.     -in server.csr \
    53. 

  53.     -CA rootCA.crt -CAkey rootCA.key \
    54. 

  54.     -out server.crt \
    55. 

  55.     -days 365 \
    56. 

  56.     -sha256 -extfile cert.conf
    57. 

  57. 

  58. # create pkcs12
    59. 

  59. openssl pkcs12 -export -out identity.pfx -inkey server.key -in server.crt -certfile rootCA.crt -passout pass:1234
    60. 

  60. 

  61. # clean up
    62. 

  62. rm server.csr csr.conf cert.conf
    63.