71
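--- a/File/Shell/openssl-cert.sh
+++ b/File/Shell/openssl-cert.sh
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+#############################################################################################
+# 用途: 生成 Docker 远程证书生成脚本
+# 作者: 丁辉
+# 编写时间: 2024-01-03
+#############################################################################################
+
+# 加载检测脚本
+source <(curl -sS https://gitee.com/offends/Shell/raw/main/Check_command.sh)
+
+# 定义变量
+IP="127.0.0.1"
+PASSWORD="123456"
+VALIDITY_PERIOD=3650
+
+SEND_INFO "开始生成 Docker 远程证书,请稍等..."
+
+CHECK_DIR "/usr/local/ca"
+
+cd /usr/local/ca
+
+# 生成 CA 私钥
+openssl genrsa -aes256 -passout pass:"$PASSWORD" -out ca-key.pem 4096
+
+# 生成 CA 证书
+openssl req -new -x509 -days $VALIDITY_PERIOD -key ca-key.pem -passin pass:"$PASSWORD" -sha256 -out ca.pem -subj "/C=CN/ST=./L=./O=./CN=$IP"
+
+# 生成服务器私钥
+openssl genrsa -out server-key.pem 4096
+
+# 生成服务器证书签名请求
+openssl req -subj "/CN=$IP" -sha256 -new -key server-key.pem -out server.csr
+
+# 生成服务器证书
+echo subjectAltName = IP:$IP,IP:0.0.0.0 >> server.cnf
+
+openssl x509 -req -days $VALIDITY_PERIOD -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem -passin "pass:$PASSWORD" -CAcreateserial -out server-cert.pem -extfile server.cnf
+
+# 生成客户端私钥
+openssl genrsa -out key.pem 4096
+
+# 生成客户端证书签名请求
+openssl req -subj '/CN=client' -new -key key.pem -out client.csr
+
+# 生成客户端证书
+echo extendedKeyUsage = clientAuth >> server.cnf
+
+echo extendedKeyUsage = clientAuth > server-client.cnf
+
+openssl x509 -req -days $VALIDITY_PERIOD -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -passin "pass:$PASSWORD" -CAcreateserial -out cert.pem -extfile server-client.cnf
+
+# 清理文件
+rm -rf client.csr server.csr server.cnf server-client.cnf
+
+# 修改权限
+chmod 0400 ca-key.pem key.pem server-key.pem
+
+chmod 0444 ca.pem server-cert.pem cert.pem
+
+SEND_INFO "Docker 远程证书生成完毕,正在移动目录请稍等..."
+
+CHECK_DIR "/etc/docker/cert/2375/"
+
+cp server-*.pem /etc/docker/cert/2375/
+
+cp ca.pem /etc/docker/cert/2375/
+
+rm -rf /usr/local/ca/
+
+SEND_INFO "Docker 远程证书移动完毕,请手动配置 Docker 远程证书路径为 /etc/docker/cert/2375/"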