Create a certificate on Linux by script (Method 1)
Posted on 2026-04-28 11:56 by k98091518

Method 1
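#!/bin/bash
#
# Generate an RSA private key and a certificate signing request (CSR) for
# <hostname>.scbmisp, with a matching subjectAltName entry.
#
# Files written to the current directory (existing files are overwritten):
#   <hostname>.scbmisp.conf  - OpenSSL request configuration
#   <hostname>.scbmisp.key   - private key, NOT passphrase-protected
#   <hostname>.scbmisp.csr   - the request to submit to the CA
#
# Note: this produces a CSR, not a certificate; the CA still has to sign it.

# The key is stored unencrypted (-nodes / encrypt_key = no), so file
# permissions are its only protection. Restrict everything this script
# creates to the current user.
umask 077

# Prompt for the host name. -r keeps backslashes in the input literal.
read -r -p "请输入主机名 (例如: WVABOSD11): " host_name

# Reject empty input.
if [ -z "$host_name" ]; then
  echo "错误:主机名不能为空!"
  exit 1
fi

# The value ends up in file names and is pasted into the OpenSSL config, so
# accept only a single DNS label (letters, digits, inner hyphens, max 63
# characters). This keeps path separators, a leading "-" and config syntax
# characters out. LC_ALL=C makes the bracket ranges ASCII-only.
if ! printf '%s' "$host_name" |
  LC_ALL=C grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'; then
  echo "错误:主机名只能包含字母、数字和连字符!"
  exit 1
fi

# Derive the output file names.
conf_file="${host_name}.scbmisp.conf"
key_file="${host_name}.scbmisp.key"
csr_file="${host_name}.scbmisp.csr"

# Write the request configuration. The here-document delimiter is unquoted
# on purpose so that ${host_name} is expanded into commonName and the SAN.
cat > "$conf_file" <<EOF
[ req ]
default_bits = 2048
encrypt_key = no
default_md = sha256
utf8 = yes
string_mask = utf8only
prompt = no
distinguished_name = server_dn
req_extensions = server_reqext
[ server_dn ]
countryName = HK
localityName = Central
organizationName = Shanghai Commercial Bank Ltd.
commonName = ${host_name}.scbmisp
[ server_reqext ]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${host_name}.scbmisp
EOF
echo "✅ 配置文件已生成: $conf_file"

# Generate the private key and the CSR in one step. The options must stay
# on one logical command (hence the line continuations). -nodes is kept for
# older OpenSSL releases; OpenSSL 3.0 deprecates it in favour of -noenc.
# Testing the command directly avoids a stale $? from an intervening command.
if openssl req -new -nodes -sha256 \
  -out "$csr_file" \
  -config "$conf_file" \
  -keyout "$key_file"; then
  echo "✅ CSR 生成成功: $csr_file"
  echo "✅ 私钥生成成功: $key_file"
  echo ""
  echo "验证 CSR 中的 SAN 扩展:"
  # Show the SAN header line plus the line after it, so the operator can
  # confirm the request carries the expected DNS name before submitting it.
  openssl req -text -noout -in "$csr_file" | grep -A 1 "X509v3 Subject Alternative Name"
else
  echo "❌ 生成失败,请检查错误信息"
  exit 1
fi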
