利用shell脚本实现https证书认证生成证书
脚本内容
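#!/bin/bash
# Prepares an empty private CA tree under /etc/pki/CA. Later sections of this
# script create the CA key there and use it to sign a certificate for httpd.

# Banner
echo "-----------------------"
echo "作者:leidazhuang"
echo "时间:2021/4/1"
echo "本脚本⽤于⽣成httpd证书"
echo "-----------------------"

# Sent at the "hostname" (Common Name) prompt of both openssl req runs and
# written into the ServerName line of the httpd SSL configuration.
hostname=192.168.110.40

# Start from an empty CA tree.
# NOTE(review): this deletes whatever CA already lives in /etc/pki/CA,
# including its private key and issued-certificate records, with no
# confirmation and no backup.
rm -rf /etc/pki/CA &>/dev/null

# Every later openssl call uses relative paths, so a failed cd would drop key
# material into whatever directory the script was launched from. Stop instead.
if ! mkdir -p /etc/pki/CA/private || ! cd /etc/pki/CA; then
  echo "cannot create or enter /etc/pki/CA" >&2
  exit 1
fi

# expect answers the interactive openssl prompts further down. The install
# output stays hidden as before, but a missing binary is now reported instead
# of letting every here-document fail later.
yum -y install expect &>/dev/null
if ! command -v expect >/dev/null; then
  echo "expect is not installed and could not be installed with yum" >&2
  exit 1
fi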
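# Generate the CA private key. The subshell sets umask 077 so the key file is
# created readable by its owner only, without changing the script's own umask.
# NOTE(review): genrsa is given no cipher option, so the CA key is stored
# unencrypted, and it sits on the same host that later runs httpd.
echo "正在⽣成密钥..."
sleep 1s
(umask 077;openssl genrsa -out private/cakey.pem 2048)

# Print the public half of the CA key to stdout (nothing is written to disk).
echo "正在提取公钥..."
sleep 1s
openssl rsa -in private/cakey.pem -pubout

# Create the self-signed CA certificate, valid for 365 days. openssl req asks
# for the subject fields interactively; expect matches a fragment of each
# prompt and types the answer. The here-document is unquoted on purpose so the
# shell expands ${hostname} before expect reads it.
echo "正在⽣成签署证书..."
sleep 1s
expect << EOF
set timeout 60
spawn openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
expect "letter code"  {send "cn\r"}
expect "full name"    {send "hb\r"}
expect "city"              {send "wh\r"}
expect "company"    {send "runtime\r"}
expect "section"          {send "abc\r"}
expect "hostname"    {send "${hostname}\r"}
expect "Email"    {send "123@qq\r"}
expect "#"
EOF

# Dump the new CA certificate in human-readable form.
echo "正在读取证书内容..."
sleep 1s
openssl x509 -text -in cacert.pem

# Working files that `openssl ca` needs before it can sign anything.
# The page text left the "&&" stranded at the start of its own line, which is
# a shell syntax error; the chain is rejoined here. index.txt is added because
# the stock openssl.cnf keeps the CA database in that file and `openssl ca`
# refuses to sign when it is missing.
# NOTE(review): confirm the file name against the `database` setting of the
# openssl.cnf in use.
mkdir certs newcerts crl && touch index.txt && echo 01 > serial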
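# Reinstall httpd (any installed copy is removed first) and enable it at boot.
# yum output stays hidden as before, but a failed install now stops the script
# instead of letting the key be generated for a server that is not there.
echo "正在安装"
sleep 1s
yum -y remove httpd &>/dev/null
if ! yum -y install httpd &>/dev/null; then
  echo "failed to install httpd" >&2
  exit 1
fi
systemctl enable --now httpd &>/dev/null

# Generate the private key for the httpd server.
echo "httpd服务器⽣成密钥中..."
sleep 1s
# mkdir -p keeps the script re-runnable: with plain mkdir, a leftover ssl/
# directory made the chain stop before "cd ssl", and httpd.key was then written
# to /etc/httpd instead. A failed cd is fatal for the same reason: the key must
# not land in an unintended directory.
if ! mkdir -p /etc/httpd/ssl || ! cd /etc/httpd/ssl; then
  echo "cannot create or enter /etc/httpd/ssl" >&2
  exit 1
fi
# umask 077 inside the subshell makes the key file owner-only.
(umask 077;openssl genrsa -out httpd.key 2048)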
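# Create the certificate signing request for httpd.key, answering the openssl
# prompts through expect. The here-document is unquoted on purpose so the shell
# expands ${hostname} before expect reads it.
#
# Changes from the page text:
#   - a stray advertising string fused in front of the final `expect "#"` is
#     removed; inside the here-document it would have reached expect as an
#     unknown command.
#   - `-days 365` is dropped from this command: openssl req only applies it
#     together with -x509, and the validity period is set at signing time.
#
# NOTE(review): no subjectAltName is requested on this command line. Clients
# that match the host name against subjectAltName only will reject the
# certificate for ${hostname} unless the openssl configuration adds one.
echo "⽣成证书请求中..."
sleep 1s
expect << EOF
set timeout 60
spawn openssl req -new -key httpd.key -out httpd.csr
expect "letter code"        {send "cn\r"}
expect "full name"          {send "hb\r"}
expect "city"                {send "wh\r"}
expect "company"            {send "runtime\r"}
expect "section"            {send "abc\r"}
expect "hostname"            {send "${hostname}\r"}
expect "Email"              {send "123@qq\r"}
expect "password"    {send "\r"}
expect "company name"  {send "\r"}
expect "#"
EOF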
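# Have the CA sign the request submitted by the httpd server, valid 365 days.
# expect answers "y" to the two confirmation prompts ("Sign the certificate?"
# and the final "commit?").
#
# The page text shows a bare "-" between the request file and -days, where an
# option was evidently lost; openssl rejects a lone "-". The output option is
# restored here.
# NOTE(review): httpd.crt is a file name chosen during review, not taken from
# the page. Keep it in step with the SSLCertificateFile path configured for
# httpd.
cert_out=httpd.crt
expect << EOF
set timeout 60
spawn openssl ca -in ./httpd.csr -out ${cert_out} -days 365
expect "certificate"        {send "y\r"}
expect "commit"          {send "y\r"}
expect "#"
EOF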
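# Reinstall mod_ssl so that its stock configuration file is present.
echo "安装"
sleep 1s
yum -y remove mod_ssl &>/dev/null
yum -y install mod_ssl &>/dev/null

# Point the mod_ssl virtual host at this server's name, certificate and key.
# NOTE(review): the page text gives the target as /etc/httpd/conf.f, fuses two
# sed commands onto one line and truncates their patterns. The file and the
# patterns below are reconstructed from the stock mod_ssl ssl.conf on
# RHEL-family systems. The certificate path assumes the signed certificate was
# written to /etc/httpd/ssl/httpd.crt; confirm both before relying on this.
ssl_conf=/etc/httpd/conf.d/ssl.conf
if [[ ! -f "${ssl_conf}" ]]; then
  echo "${ssl_conf} not found; mod_ssl does not appear to be installed" >&2
  exit 1
fi
sed -i "s/#DocumentRoot/DocumentRoot/g" "${ssl_conf}"
sed -i "s/^#ServerName .*:443/ServerName ${hostname}:443/" "${ssl_conf}"
sed -i "s#/etc/pki/tls/certs/localhost.crt#/etc/httpd/ssl/httpd.crt#g" "${ssl_conf}"
sed -i "s#/etc/pki/tls/private/localhost.key#/etc/httpd/ssl/httpd.key#g" "${ssl_conf}"

# Restart httpd so it loads the new certificate. A failed restart (for example
# a certificate or key path that does not exist) is now reported instead of
# being hidden by the redirect.
echo "重启httpd服务..."
sleep 1s
if ! systemctl restart httpd &>/dev/null; then
  echo "httpd failed to restart; check the certificate and key paths in ${ssl_conf}" >&2
  exit 1
fi

# List listening TCP sockets; 443 should now appear next to 80.
echo "查看端⼝"
ss -antl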
查看端口验证
State    Recv-Q    Send-Q        Local Address:Port        Peer Address:Port
LISTEN    0          128                  0.0.0.0:22                0.0.0.0:*
LISTEN    0          128                    [::]:22                  [::]:*
LISTEN    0          128                        *:443                    *:*
LISTEN    0          128                        *:80                      *:*
验证
访问本机ip
点击高级--->继续访问（出现证书警告，是因为签发该证书的自建CA不在浏览器的受信任根证书列表中）
完成