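#!/bin/sh
#######################################################################
#
# Generate CA-signed TLS certificates and private keys for the hosts
# www1..www20 in $DOMAIN, then publish them under the FTP tree.
#
# SECURITY: the private keys are created without a passphrase (-nodes)
# and are installed mode 644 below /var/ftp/pub, so anyone who can
# reach that tree can read them. The combined wwwN.pem files placed in
# the "certs" directories also contain the private key. Treat every
# key produced here as public lab material and never reuse it for a
# real service.
#
# Start from a clean slate: drop earlier www* certs and keys, both the
# working copies under /etc/pki/tls and the copies under /var/ftp/pub/tls.
rm -f /etc/pki/tls/certs/www*.crt
rm -f /etc/pki/tls/private/www*.key
rm -rf /var/ftp/pub/tls/certs/www*
rm -rf /var/ftp/pub/tls/private/www*
#######################################################################
SUBJ_PREFIX="/C=US/ST=North Carolina/L=Raleigh/O=Example, Inc."
DOMAIN="example.com"
# Certs are published at $PUBTLS/certs/wwwN.crt (and wwwN.pem),
# keys at $PUBTLS/private/wwwN.key.
PUBTLS=/var/ftp/pub/materials/tls

if [ -d "$PUBTLS" ]; then
  echo "WARNING: the directory $PUBTLS already exists, which is"
  echo "probably not a good thing. To completely regenerate"
  echo "student certs and keys, first remove the directory"
  echo "$PUBTLS, then run this script."
  echo
  echo "Bravely venturing on..."
fi

# Two explicit arguments instead of {certs,private}: brace expansion is
# not POSIX, and a strict /bin/sh would create one literal directory.
mkdir -p "$PUBTLS/certs" "$PUBTLS/private"

# Files that openssl creates from here on are readable by owner only.
# The install/chmod calls below deliberately open up the published copies.
umask 077

# cd replaces the non-POSIX pushd/popd; everything after the loop uses
# absolute paths, so there is no need to return. Abort if the directory
# is missing, otherwise keys would be written relative to the current
# directory.
cd /etc/pki/tls/certs || exit 1

for i in $(seq 20); do
  SERVER="www$i"
  SUBJECT="$SUBJ_PREFIX/CN=$SERVER.$DOMAIN"
  KEY="../private/$SERVER.key"

  # The www*.key files were removed at the top of the script, so this
  # normally does not trigger.
  if [ -e "$KEY" ]; then
    echo "key for $SERVER already exists. skipping."
    continue
  fi

  # New unencrypted key plus CSR. No -newkey is given, so key type and
  # size come from the openssl configuration in effect.
  if ! openssl req -new -nodes -out "$SERVER.csr" -keyout "$KEY" \
      -subj "$SUBJECT"; then
    echo "ERROR: could not create key/CSR for $SERVER" >&2
    exit 1
  fi

  # Sign with the CA from the default openssl configuration. Stop on
  # failure so that a key-only .pem is never built and published.
  if ! openssl ca -batch -in "$SERVER.csr" -out "$SERVER.crt"; then
    echo "ERROR: CA signing failed for $SERVER" >&2
    exit 1
  fi

  # Combined bundle: private key, a blank line, then the certificate.
  { cat "$KEY"; echo; cat "$SERVER.crt"; } > "$SERVER.pem"

  # Publish world-readable copies (lab material, see SECURITY above).
  install -m 644 "$SERVER.crt" "$SERVER.pem" "$PUBTLS/certs"
  install -m 644 "$KEY" "$PUBTLS/private"
  rm -f "$SERVER.csr"
done

# Second publication location.
# NOTE(review): this script creates $PUBTLS but never /var/ftp/pub/tls;
# the copies below fail if those directories do not already exist.
# Confirm which of the two trees is the intended one.
cp -rp /etc/pki/tls/certs/www* /var/ftp/pub/tls/certs/
cp -rp /etc/pki/tls/private/www* /var/ftp/pub/tls/private/
# These globs match every file in the two directories, not only www*.
chmod 644 /var/ftp/pub/tls/certs/*
chmod 644 /var/ftp/pub/tls/private/*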