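#!/bin/sh
#############################################################################################
# Purpose: issue a self-signed certificate (with a SAN extension) for Nginx
# Author: 丁辉
# Written: 2024-05-20
# Updated: 2025-12-19
#
# Security notes:
#   - The certificate is self-signed: clients will not trust it unless it is
#     explicitly installed as trusted, so it suits internal or test use.
#   - The private key is written unencrypted (-nodes); file permissions are
#     its only protection, so the script restricts the key to its owner.
#   - Existing server.key / server.crt in OUTPUT_DIR are overwritten.
#############################################################################################

# Abort on use of an unset variable instead of silently expanding to "".
set -u

# Default values
COUNTRY="CN"               # country code
STATE="Beijing"            # state / province
CITY="Beijing"             # city
ORGANIZATION="MyOrg"       # organization name
ORGANIZATION_UNIT="IT"     # organizational unit
EMAIL="admin@example.com"  # placeholder e-mail; replaced once the domain is known
DAYS=3650                  # validity in days (about 10 years; consider a shorter lifetime and rotation)
OUTPUT_DIR="."             # output directory, defaults to the current directory

# Check that OpenSSL is installed before asking for any input.
# POSIX redirection is used on purpose: under a strict /bin/sh such as dash,
# "&>" is parsed as "run in background" followed by an empty redirection, so
# the original test succeeded unconditionally and the script always exited here.
if ! command -v openssl >/dev/null 2>&1; then
  echo "OpenSSL 未安装。请先安装OpenSSL。" >&2
  exit 1
fi

# Ask the user for the domain name (-r keeps backslashes literal).
echo "请输入域名(例如: example.com): "
DOMAIN=""
read -r DOMAIN

# Reject empty input and any character outside letters, digits, '.', '-' and
# '*' (wildcard). The value is interpolated into -subj and subjectAltName
# below, where '/' would start a new subject field and ',' would append
# further SAN entries, so it must be validated before use.
case "$DOMAIN" in
  "" | *[!A-Za-z0-9.*-]*)
    echo "域名无效: 不能为空,且只能包含字母、数字、'.'、'-' 和 '*'。" >&2
    exit 1
    ;;
esac

# Derive the e-mail address from the entered domain.
EMAIL="admin@$DOMAIN"

# The common name is the domain itself.
COMMON_NAME="$DOMAIN"

# Generate the private key and the self-signed certificate (with SAN).
# -addext requires OpenSSL 1.1.1 or later; on older versions the command
# fails, which is why its exit status is checked instead of assuming success.
# The subshell's umask 077 ensures a newly created key file is never
# readable by other users, even briefly.
echo "生成私钥和自签名证书(包含SAN)..."
if ! (
  umask 077
  openssl req -x509 -nodes -days "$DAYS" -newkey rsa:2048 \
    -keyout "$OUTPUT_DIR/server.key" \
    -out "$OUTPUT_DIR/server.crt" \
    -subj "/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORGANIZATION/OU=$ORGANIZATION_UNIT/CN=$COMMON_NAME/emailAddress=$EMAIL" \
    -addext "subjectAltName = DNS:$DOMAIN"
); then
  echo "证书生成失败。" >&2
  exit 1
fi

# A pre-existing key file keeps its old mode when overwritten, so tighten it
# explicitly; the certificate is public data and may stay world-readable.
chmod 600 "$OUTPUT_DIR/server.key"
chmod 644 "$OUTPUT_DIR/server.crt"

echo "证书生成完成!"
echo "私钥: $OUTPUT_DIR/server.key"
echo "证书: $OUTPUT_DIR/server.crt"

# Verify the certificate (optional): show the SAN that was actually embedded.
echo "验证证书信息:"
openssl x509 -in "$OUTPUT_DIR/server.crt" -text -noout | grep -A1 "Subject Alternative Name"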