openssl命令生成证书


CA脚本

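# Create a self-signed root CA: a 2048-bit RSA key (ca.key) and a certificate
# (ca.crt) valid for 3650 days.
#
# ca.key is written unencrypted. Anyone who can read it can issue certificates
# that are trusted wherever ca.crt is installed, so keep it in a directory only
# you can access (openssl genrsa accepts -aes256 to protect the key with a
# passphrase if the signing step may prompt for one).
set -eu

# Create the private key readable by the owner only, whatever the default umask is.
umask 077

openssl genrsa -out ca.key 2048

# -sha256 pins the signature digest instead of relying on the build's default.
openssl req -new -x509 -sha256 -key ca.key -days 3650 -out ca.crt -subj "/C=cn/ST=gd/L=gz/O=acgist/OU=acgist/CN=acgist"

# The certificate is public and usually has to be copied to clients.
chmod 644 ca.crt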

证书脚本

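# Issue a server certificate signed by the local CA and package it as
# PKCS#12 (server.p12) and JKS (server.jks).
#
# Expects ca.crt and ca.key in /tmp/server, and the keystore password in the
# exported environment variable KEYSTORE_PASS.
set -eu

# Take the keystore password from the environment: a literal password on the
# command line is visible in the process list and ends up in shell history.
: "${KEYSTORE_PASS:?export KEYSTORE_PASS (keystore password) before running}"
export KEYSTORE_PASS

# Private keys and keystores are created below; keep them owner-readable only.
umask 077

# /tmp is shared and mkdir -p accepts a directory that already exists.
# chmod fails for a non-root user when the directory belongs to someone else,
# and set -e then stops the script before any key is written there.
# NOTE(review): a private directory outside /tmp is a better home for ca.key.
mkdir -p /tmp/server
chmod 700 /tmp/server
cd /tmp/server

# The signing step reads the CA pair from this directory; fail early with a
# clear message instead of half-way through.
if [ ! -f ./ca.crt ] || [ ! -f ./ca.key ]; then
    echo "ca.crt and ca.key must be present in /tmp/server" >&2
    exit 1
fi

# Extensions copied into the issued certificate. Adjust the SAN entries to the
# addresses and names the server is really reached by.
cat > server.ext <<'EOF'
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName=@SubjectAlternativeName

[ SubjectAlternativeName ]
IP.1=127.0.0.1
IP.2=192.168.8.188
DNS.1=*.acgist.com
EOF

# Server key (unencrypted) and certificate signing request.
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr -subj "/C=cn/ST=gd/L=gz/O=acgist/OU=taoyao/CN=*.acgist.com"

# Sign the request with the CA. -sha256 pins the signature digest.
# NOTE(review): 3650 days is long for a server certificate; some TLS clients
# reject long-lived leaf certificates, so confirm this with the intended clients.
openssl x509 -req -sha256 -in server.csr -out server.crt -CA ./ca.crt -CAkey ./ca.key -CAcreateserial -days 3650 -extfile server.ext

# Show what was issued and confirm it chains to the CA.
openssl x509 -in server.crt -subject -issuer -noout
openssl verify -CAfile ./ca.crt server.crt

# Bundle key and certificate; the password is read from KEYSTORE_PASS.
openssl pkcs12 -export -passout env:KEYSTORE_PASS -in server.crt -inkey server.key -out server.p12

# Convert to JKS for consumers that still need it (keytool itself recommends
# PKCS12 for new keystores).
keytool -importkeystore -v -srckeystore server.p12 -srcstoretype pkcs12 -srcstorepass:env KEYSTORE_PASS -destkeystore server.jks -deststoretype jks -deststorepass:env KEYSTORE_PASS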

使用Java生成证书脚本

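// Prints the shell commands that issue a server certificate signed by the
// local CA and package it as PKCS#12 and JKS. The CA is created beforehand with:
// openssl genrsa -out ca.key 2048
// openssl req -new -x509 -key ca.key -days 3650 -out ca.crt -subj "/C=cn/ST=gd/L=gz/O=acgist/OU=acgist/CN=acgist"
//
// NOTE(review): cn, name, ip and dns are pasted into shell command text without
// quoting or escaping. That is fine for the constants below; validate them
// first if they ever come from configuration or user input.
final String cn       = "*.acgist.com";
final String name     = "server";
final String[] ip     = { "192.168.8.188" };
final String[] dns    = { "*.acgist.com" };
// Name of the environment variable that holds the keystore password. The
// generated commands read the password from it, so the secret never appears
// in this source, in the printed script or on a command line.
final String passwordEnv = "KEYSTORE_PASS";
// IP.1 is the fixed loopback entry, so the configured addresses start at 2.
// Separate counters replace resetting one shared counter between the two lists.
final AtomicInteger ipIndex  = new AtomicInteger(2);
final AtomicInteger dnsIndex = new AtomicInteger(1);
// Joining one stream of entries avoids a stray blank line when ip or dns is empty.
final String san = Stream.concat(
    Stream.of("IP.1=127.0.0.1"),
    Stream.concat(
        Stream.of(ip).map(v -> "IP." + ipIndex.getAndIncrement() + "=" + v),
        Stream.of(dns).map(v -> "DNS." + dnsIndex.getAndIncrement() + "=" + v)
    )
).collect(Collectors.joining("\n"));
// Plain LF line endings: the generated commands are meant for a POSIX shell.
final String ext = String.join("\n",
    "keyUsage = nonRepudiation, digitalSignature, keyEncipherment",
    "extendedKeyUsage = serverAuth, clientAuth",
    "subjectAltName=@SubjectAlternativeName",
    "",
    "[ SubjectAlternativeName ]",
    san
);
final String[] commands = new String[] {
    // Stop with a message if the password variable is missing, then export it
    // so that openssl and keytool can read it.
    ": \"${" + passwordEnv + ":?export " + passwordEnv + " before running}\"",
    "export " + passwordEnv,
    // Keys and keystores created below stay readable by the owner only.
    "umask 077",
    "mkdir -p /tmp/" + name,
    "cd /tmp/" + name,
    "echo \"" + ext + "\" > " + name + ".ext",
    "openssl genrsa -out " + name + ".key 2048",
    "openssl req -new -key " + name + ".key -out " + name + ".csr -subj \"/C=cn/ST=gd/L=gz/O=acgist/OU=taoyao/CN=" + cn + "\"",
    // -sha256 pins the signature digest instead of relying on the build's default.
    "openssl x509 -req -sha256 -in " + name + ".csr -out " + name + ".crt -CA ./ca.crt -CAkey ./ca.key -CAcreateserial -days 3650 -extfile " + name + ".ext",
    "openssl x509 -in " + name + ".crt -subject -issuer -noout",
    "openssl pkcs12 -passout env:" + passwordEnv + " -export -in " + name + ".crt -inkey " + name + ".key -out " + name + ".p12",
    "keytool -importkeystore -v -srckeystore " + name + ".p12 -srcstoretype pkcs12 -srcstorepass:env " + passwordEnv + " -destkeystore " + name + ".jks -deststoretype jks -deststorepass:env " + passwordEnv
};
for (String command : commands) {
    System.out.println(command);
}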