summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorluwenpeng <[email protected]>2021-11-06 18:17:20 +0300
committerluwenpeng <[email protected]>2021-11-06 18:25:14 +0300
commit568d836443728265ef1afff576c2543062446007 (patch)
tree8c4dcc219a9a6a31d575f89db5902421802798f6
parent13efcdda612cb0b1432040abb8ab09110fd80748 (diff)
TSG-8365 为TSG/Nezha界面的服务端签发证书HEADmain
Diffstat
-rw-r--r--README.md181
-rw-r--r--conf/ca-root-for-e21.conf19
-rw-r--r--conf/nezha-entity-for-e21.conf18
-rw-r--r--conf/tsg-entity-for-e21.conf18
-rw-r--r--crt/ca-root-for-e21.crt23
-rw-r--r--crt/ca-root-for-e21.srl1
-rw-r--r--crt/nezha-entity-for-e21.crt22
-rw-r--r--crt/tsg-entity-for-e21.crt22
-rw-r--r--csr/nezha-entity-for-e21.csr18
-rw-r--r--csr/tsg-entity-for-e21.csr18
-rw-r--r--key/ca-root-for-e21.key27
-rw-r--r--key/nezha-entity-for-e21.key27
-rw-r--r--key/tsg-entity-for-e21.key27
-rw-r--r--sign.sh22
14 files changed, 441 insertions, 2 deletions
diff --git a/README.md b/README.md
index 7978c33..72a983b 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,6 @@
-# 自签发证书用于TSG各组件间加密通信
+# 签发证书用于E21项目加密通信
+
+## 签发自签发证书用于TSG各组件间加密通信
**注意**
@@ -56,3 +58,180 @@ Y29tMAoGCCqGSM49BAMCA0gAMEUCIBi5SITjNG7P/5qVs6EyJ2E9602KiNUS1EbY
Not Before: Aug 31 05:59:42 2021 GMT
Not After : Aug 29 05:59:42 2031 GMT
```
+
+## 为 TSG/Nezha 的界面服务签发证书
+
+**注意**
+
+* 证书有效 20 年
+* TSG/Nezha 的证书不绑定域名,不绑定IP
+
+**根证书**
+
+```
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 14219135907191779218 (0xc55484c5792aef92)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=CN, ST=Beijing, L=Xicheng, O=GDNT, OU=Certificate Authority, CN=support/[email protected]
+ Validity
+ Not Before: Nov 5 07:47:19 2021 GMT
+ Not After : Oct 31 07:47:19 2041 GMT
+ Subject: C=CN, ST=Beijing, L=Xicheng, O=GDNT, OU=Certificate Authority, CN=support/[email protected]
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:d3:27:71:59:e9:1e:06:4d:68:3d:5c:01:ed:32:
+ a6:8f:c8:ff:75:b4:cc:4f:fa:8f:1e:9b:8a:6a:c8:
+ 8b:14:20:cc:ed:e3:a2:8f:b1:2d:1b:b5:6b:c0:87:
+ d0:ad:d7:78:33:7d:3d:1f:e9:59:ff:d3:3e:c0:e3:
+ 68:e6:7b:64:01:a3:e2:1d:10:9d:8b:ee:23:0b:12:
+ bc:3b:a7:9e:6d:68:b2:cf:c3:cf:2c:a6:30:20:fd:
+ da:83:6a:aa:d9:99:27:2d:da:c9:91:be:a8:1b:56:
+ 65:f8:cb:f8:3b:6a:07:3c:65:5c:a8:09:58:73:c2:
+ 55:e7:74:f5:11:de:dc:37:8a:47:44:01:f4:d1:3e:
+ 42:73:9c:f3:6b:6c:0d:80:99:50:55:9b:27:b9:07:
+ 33:fa:5c:36:60:ef:d0:d8:49:fe:a1:28:3d:ff:63:
+ c7:eb:be:0a:8f:9d:09:9b:8e:cf:41:6d:82:2e:ef:
+ bf:ee:e7:f1:b3:41:fa:cf:8d:37:1d:1c:24:69:d2:
+ fd:cd:c7:0c:b2:f9:3b:a5:37:55:53:e2:a6:7d:5d:
+ 6a:7c:8c:f7:24:5c:86:66:a2:c3:a0:8b:45:60:6d:
+ f0:bc:e3:29:4f:f3:5a:d5:54:a0:46:2a:59:cf:fc:
+ 95:d9:2c:a6:cb:3d:d5:ee:e8:fe:fe:03:2d:f0:a4:
+ 4b:49
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha256WithRSAEncryption
+ 97:08:4e:dd:a1:b2:6b:de:d1:c1:8a:ef:e6:31:00:13:10:e8:
+ ca:5e:67:60:86:db:26:92:55:eb:6a:ce:5f:08:93:de:ad:4d:
+ 9e:5d:5d:31:8e:bf:8f:26:4f:3c:05:11:1f:28:5e:f4:a5:49:
+ dc:e3:40:ec:a7:5d:17:67:09:2e:06:f5:88:ed:63:8a:c1:92:
+ fa:22:cb:2b:f1:c8:08:3c:61:e4:ad:3e:65:ba:8e:08:55:8b:
+ bb:35:e1:ba:4d:bc:fe:59:06:07:fd:b5:50:6c:0c:77:27:22:
+ 1b:1f:d7:17:fd:d1:0a:6a:bd:38:6d:96:21:c2:47:dd:ca:ac:
+ 84:97:f9:70:3b:e2:ee:15:b8:8a:84:0d:6b:0f:e7:5b:c3:eb:
+ 2a:d0:33:a1:3a:ad:e7:ab:09:06:e2:fc:f9:44:3b:07:b1:13:
+ 28:d3:66:48:33:20:6a:d4:23:34:18:4f:a4:c6:e4:c2:f0:83:
+ 88:95:e7:a2:5e:f0:ce:59:98:42:e3:f1:05:f9:3d:f2:28:37:
+ 33:8f:88:dd:e8:b4:79:72:a0:83:b5:af:1c:92:86:4d:48:9b:
+ 5a:f4:97:c2:15:f2:31:2f:ca:95:b9:16:17:ce:de:0e:45:91:
+ f2:5b:de:27:3d:e0:7e:e4:3a:c7:45:f2:62:e7:3e:4e:d7:34:
+ 23:5b:28:ef
+```
+
+**TSG实体证书**
+
+```
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 16286509647829799335 (0xe2054e3c2dde11a7)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=CN, ST=Beijing, L=Xicheng, O=GDNT, OU=Certificate Authority, CN=support/[email protected]
+ Validity
+ Not Before: Nov 5 08:32:21 2021 GMT
+ Not After : Oct 30 08:32:21 2041 GMT
+ Subject: C=CN, ST=Beijing, L=Xicheng, O=GDNT, OU=TSG, CN=TSG9140/[email protected]
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:a8:5d:52:5b:9a:92:96:6c:e6:b8:19:02:e3:ce:
+ bd:b3:95:37:4d:a3:b6:5a:4e:d0:88:8c:af:db:64:
+ db:4e:3d:81:09:63:c1:78:d1:2b:13:6e:9c:57:c6:
+ d6:75:08:99:21:c3:54:a3:94:c7:b2:87:30:2d:0e:
+ b7:46:85:ac:bb:9b:3e:31:7f:6f:a5:61:e8:81:24:
+ dc:9e:9b:4a:a1:04:6d:1d:d7:24:8f:b7:34:85:57:
+ fa:88:07:b8:c2:c8:3f:c4:90:2c:05:6d:36:d0:c9:
+ 5b:0e:e4:99:e6:11:d0:99:29:b9:3f:5f:bf:34:98:
+ 82:bc:d8:2f:52:29:29:ab:f2:93:76:e6:e9:ab:49:
+ 1b:0f:27:0b:44:b1:d2:78:2d:df:1c:bb:51:37:01:
+ 0f:27:37:28:da:86:a3:6f:3a:f7:98:9a:76:fa:0f:
+ a6:dd:c1:74:96:75:ec:9d:38:df:c0:84:fe:c4:6f:
+ 23:23:79:05:5e:a8:9f:19:45:22:39:8c:0e:de:76:
+ 04:10:91:fe:6c:cc:da:69:79:a4:22:a7:fc:e3:7f:
+ 76:62:1c:60:11:af:97:2a:69:04:8e:01:72:8d:44:
+ b9:f8:b8:12:89:2b:8e:54:ec:11:72:1c:3c:d1:7b:
+ 68:ab:95:1c:c4:f8:59:a1:02:6e:5f:b1:00:57:cd:
+ 88:4f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Signature Algorithm: sha256WithRSAEncryption
+ 96:da:8d:f7:ef:75:07:36:ff:42:f4:c0:29:77:75:32:8f:f7:
+ c5:dc:0c:9b:7c:f1:f5:69:6b:7a:c0:b4:17:b4:20:84:2d:ac:
+ 58:0e:ad:93:31:3d:9d:ba:57:7f:04:44:96:21:9b:58:4c:5c:
+ 37:34:98:2c:df:30:3f:f5:a9:e4:df:5e:76:fc:78:b1:95:6d:
+ d4:5f:d4:bc:93:5b:88:59:7b:b7:a2:2f:de:0b:df:7f:b5:83:
+ e0:34:8c:45:0e:67:c2:82:28:67:79:ff:be:62:99:eb:bd:4d:
+ 6c:dc:7d:40:92:28:fa:cc:c1:22:c0:ef:f6:b1:f0:fd:cf:08:
+ 8d:c2:54:30:cb:7d:10:ff:04:7b:46:63:64:79:69:ca:7f:14:
+ 78:f4:90:be:bc:d0:54:5f:64:f2:c2:71:8d:d9:d2:8a:64:05:
+ 53:bb:1c:d8:24:1f:01:6e:53:6a:af:2d:77:1f:58:be:95:6c:
+ 8c:3c:b7:9d:ae:38:75:28:e3:f3:83:53:4b:7c:9e:7d:bd:d0:
+ f5:01:96:a5:5b:40:32:ff:79:ea:e1:3b:de:07:88:c9:1f:b9:
+ f2:70:a3:30:77:7e:15:d8:4b:b6:90:88:41:94:17:8a:2f:02:
+ 81:14:d1:7c:ca:2b:c2:9d:0c:71:f0:dd:f0:06:14:c0:bd:81:
+ 25:17:f9:d7
+```
+**Nezha实体证书**
+
+```
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 16286509647829799334 (0xe2054e3c2dde11a6)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=CN, ST=Beijing, L=Xicheng, O=GDNT, OU=Certificate Authority, CN=support/[email protected]
+ Validity
+ Not Before: Nov 5 08:04:17 2021 GMT
+ Not After : Oct 30 08:04:17 2041 GMT
+ Subject: C=CN, ST=Beijing, L=Xicheng, O=GDNT, OU=TSG, CN=Nezha/[email protected]
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:ab:5c:2e:a1:9c:49:33:c2:04:10:63:c2:2a:8b:
+ 6a:9a:81:71:96:75:35:0d:62:f3:85:de:03:b4:8b:
+ db:03:ba:dd:f9:bf:49:29:96:65:34:4b:0a:8e:ba:
+ 2c:4e:ad:92:d0:71:ed:b1:75:7f:5e:98:1c:a0:6c:
+ 80:be:00:94:d0:8e:74:8f:fb:e9:04:ba:c6:8b:88:
+ bf:a6:08:b5:2f:02:da:5f:4e:88:a5:44:2c:61:ef:
+ 2f:11:30:d9:b1:6e:df:6c:fc:dc:b9:6d:2e:0c:76:
+ 53:7a:15:ac:27:9f:b3:5b:db:a9:e4:3b:8d:ce:68:
+ c3:d6:d2:10:af:84:22:4e:4d:f3:b8:24:4f:71:72:
+ f2:81:e6:9f:d1:97:89:bd:1e:fa:31:6b:fd:1f:d2:
+ ea:6b:93:ac:14:6f:29:4b:3c:3b:38:87:ea:fb:57:
+ 82:11:fc:5e:3b:66:47:57:5e:5d:01:d6:a5:fc:4f:
+ 5e:da:6c:5f:d5:fc:45:4a:1e:71:96:fe:b6:7c:72:
+ 2b:7e:ab:8d:83:20:98:98:72:be:45:b7:5b:fe:1f:
+ 49:6b:6f:b4:ba:57:5b:52:41:3b:66:a7:42:c0:8a:
+ 53:46:a6:9e:fa:a5:5c:41:62:5b:73:07:36:b2:3d:
+ 07:ad:39:62:4c:3a:cb:bc:20:e4:c2:f7:60:07:c8:
+ ea:59
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Signature Algorithm: sha256WithRSAEncryption
+ 5a:59:68:75:bd:4f:3f:33:f9:85:8a:6e:eb:f9:da:25:28:fe:
+ 9f:a1:3a:3c:a3:bc:82:65:74:20:da:f1:45:53:5f:8b:e0:8e:
+ f1:54:b6:e2:5c:f4:6e:b5:78:b0:ea:09:e6:3d:05:e5:0b:64:
+ 31:5d:21:63:9c:56:de:3a:4c:54:aa:ea:56:8f:ef:14:59:c8:
+ d6:37:8b:57:9e:1c:68:f2:f4:c0:88:0c:c8:30:9d:95:cc:d1:
+ 1f:7c:cf:cb:cf:28:7e:ca:9d:ee:e7:13:6e:66:f9:b9:20:2c:
+ 3b:f3:18:19:63:fd:c2:fb:b8:ec:4c:aa:01:5f:20:16:08:86:
+ 62:e0:28:2b:d6:9b:38:05:2c:3c:ab:f8:b7:89:28:3d:80:ac:
+ 76:1c:45:d4:f3:6b:32:26:9f:e3:78:c2:42:97:8b:6c:ed:ef:
+ b1:39:27:bd:30:6d:d3:ef:1c:ef:c6:d8:cd:8b:8e:16:ad:e0:
+ 8a:9a:e4:6b:51:a9:b4:e5:5f:35:fa:ee:94:47:82:ee:25:d3:
+ 00:7d:5c:d8:87:c7:00:f6:9f:19:7a:90:64:9b:af:36:19:d5:
+ c9:0c:45:73:be:69:b4:05:f7:65:e8:eb:27:76:52:9c:00:1f:
+ 48:1e:2b:81:79:0d:2b:70:75:04:e2:08:11:bd:e6:49:12:2b:
+ 88:5b:ca:fd
+``` \ No newline at end of file
diff --git a/conf/ca-root-for-e21.conf b/conf/ca-root-for-e21.conf
new file mode 100644
index 0000000..8638b66
--- /dev/null
+++ b/conf/ca-root-for-e21.conf
@@ -0,0 +1,19 @@
+[ req ]
+default_bits = 4096
+default_md = sha256
+distinguished_name = req_distinguished_name
+encrypt_key = no
+prompt = no
+x509_extensions = req_v3_ca
+
+[ req_distinguished_name ]
+countryName = CN
+stateOrProvinceName = Beijing
+localityName = Xicheng
+organizationName = GDNT
+organizationalUnitName = Certificate Authority
+commonName = support
+emailAddress = [email protected]
+
+[ req_v3_ca ]
+basicConstraints = CA:true \ No newline at end of file
diff --git a/conf/nezha-entity-for-e21.conf b/conf/nezha-entity-for-e21.conf
new file mode 100644
index 0000000..362e8eb
--- /dev/null
+++ b/conf/nezha-entity-for-e21.conf
@@ -0,0 +1,18 @@
+[ req ]
+default_bits = 2048
+distinguished_name = req_distinguished_name
+encrypt_key = no
+prompt = no
+req_extensions = req_v3_usr
+
+[ req_distinguished_name ]
+countryName = CN
+stateOrProvinceName = Beijing
+localityName = Xicheng
+organizationName = GDNT
+organizationalUnitName = TSG
+commonName = Nezha
+emailAddress = [email protected]
+
+[ req_v3_usr ]
+basicConstraints = CA:FALSE \ No newline at end of file
diff --git a/conf/tsg-entity-for-e21.conf b/conf/tsg-entity-for-e21.conf
new file mode 100644
index 0000000..0fc1636
--- /dev/null
+++ b/conf/tsg-entity-for-e21.conf
@@ -0,0 +1,18 @@
+[ req ]
+default_bits = 2048
+distinguished_name = req_distinguished_name
+encrypt_key = no
+prompt = no
+req_extensions = req_v3_usr
+
+[ req_distinguished_name ]
+countryName = CN
+stateOrProvinceName = Beijing
+localityName = Xicheng
+organizationName = GDNT
+organizationalUnitName = TSG
+commonName = TSG9140
+emailAddress = [email protected]
+
+[ req_v3_usr ]
+basicConstraints = CA:FALSE \ No newline at end of file
diff --git a/crt/ca-root-for-e21.crt b/crt/ca-root-for-e21.crt
new file mode 100644
index 0000000..67c1e34
--- /dev/null
+++ b/crt/ca-root-for-e21.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDxzCCAq+gAwIBAgIJAMVUhMV5Ku+SMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
+VQQGEwJDTjEQMA4GA1UECAwHQmVpamluZzEQMA4GA1UEBwwHWGljaGVuZzENMAsG
+A1UECgwER0ROVDEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRAwDgYD
+VQQDDAdzdXBwb3J0MSUwIwYJKoZIhvcNAQkBFhZzdXBwb3J0QGdkbnQtY2xvdWQu
+Y29tMB4XDTIxMTEwNTA3NDcxOVoXDTQxMTAzMTA3NDcxOVowgZkxCzAJBgNVBAYT
+AkNOMRAwDgYDVQQIDAdCZWlqaW5nMRAwDgYDVQQHDAdYaWNoZW5nMQ0wCwYDVQQK
+DARHRE5UMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMM
+B3N1cHBvcnQxJTAjBgkqhkiG9w0BCQEWFnN1cHBvcnRAZ2RudC1jbG91ZC5jb20w
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTJ3FZ6R4GTWg9XAHtMqaP
+yP91tMxP+o8em4pqyIsUIMzt46KPsS0btWvAh9Ct13gzfT0f6Vn/0z7A42jme2QB
+o+IdEJ2L7iMLErw7p55taLLPw88spjAg/dqDaqrZmSct2smRvqgbVmX4y/g7agc8
+ZVyoCVhzwlXndPUR3tw3ikdEAfTRPkJznPNrbA2AmVBVmye5BzP6XDZg79DYSf6h
+KD3/Y8frvgqPnQmbjs9BbYIu77/u5/GzQfrPjTcdHCRp0v3Nxwyy+TulN1VT4qZ9
+XWp8jPckXIZmosOgi0VgbfC84ylP81rVVKBGKlnP/JXZLKbLPdXu6P7+Ay3wpEtJ
+AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJcITt2h
+smve0cGK7+YxABMQ6MpeZ2CG2yaSVetqzl8Ik96tTZ5dXTGOv48mTzwFER8oXvSl
+SdzjQOynXRdnCS4G9YjtY4rBkvoiyyvxyAg8YeStPmW6jghVi7s14bpNvP5ZBgf9
+tVBsDHcnIhsf1xf90QpqvThtliHCR93KrISX+XA74u4VuIqEDWsP51vD6yrQM6E6
+reerCQbi/PlEOwexEyjTZkgzIGrUIzQYT6TG5MLwg4iV56Je8M5ZmELj8QX5PfIo
+NzOPiN3otHlyoIO1rxyShk1Im1r0l8IV8jEvypW5FhfO3g5FkfJb3ic94H7kOsdF
+8mLnPk7XNCNbKO8=
+-----END CERTIFICATE-----
diff --git a/crt/ca-root-for-e21.srl b/crt/ca-root-for-e21.srl
new file mode 100644
index 0000000..a28c951
--- /dev/null
+++ b/crt/ca-root-for-e21.srl
@@ -0,0 +1 @@
+E2054E3C2DDE11A7
diff --git a/crt/nezha-entity-for-e21.crt b/crt/nezha-entity-for-e21.crt
new file mode 100644
index 0000000..40c9a8c
--- /dev/null
+++ b/crt/nezha-entity-for-e21.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDsDCCApigAwIBAgIJAOIFTjwt3hGmMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
+VQQGEwJDTjEQMA4GA1UECAwHQmVpamluZzEQMA4GA1UEBwwHWGljaGVuZzENMAsG
+A1UECgwER0ROVDEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRAwDgYD
+VQQDDAdzdXBwb3J0MSUwIwYJKoZIhvcNAQkBFhZzdXBwb3J0QGdkbnQtY2xvdWQu
+Y29tMB4XDTIxMTEwNTA4MDQxN1oXDTQxMTAzMDA4MDQxN1owgYUxCzAJBgNVBAYT
+AkNOMRAwDgYDVQQIDAdCZWlqaW5nMRAwDgYDVQQHDAdYaWNoZW5nMQ0wCwYDVQQK
+DARHRE5UMQwwCgYDVQQLDANUU0cxDjAMBgNVBAMMBU5lemhhMSUwIwYJKoZIhvcN
+AQkBFhZzdXBwb3J0QGdkbnQtY2xvdWQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAq1wuoZxJM8IEEGPCKotqmoFxlnU1DWLzhd4DtIvbA7rd+b9J
+KZZlNEsKjrosTq2S0HHtsXV/XpgcoGyAvgCU0I50j/vpBLrGi4i/pgi1LwLaX06I
+pUQsYe8vETDZsW7fbPzcuW0uDHZTehWsJ5+zW9up5DuNzmjD1tIQr4QiTk3zuCRP
+cXLygeaf0ZeJvR76MWv9H9Lqa5OsFG8pSzw7OIfq+1eCEfxeO2ZHV15dAdal/E9e
+2mxf1fxFSh5xlv62fHIrfquNgyCYmHK+Rbdb/h9Ja2+0uldbUkE7ZqdCwIpTRqae
++qVcQWJbcwc2sj0HrTliTDrLvCDkwvdgB8jqWQIDAQABow0wCzAJBgNVHRMEAjAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQBaWWh1vU8/M/mFim7r+dolKP6foTo8o7yCZXQg
+2vFFU1+L4I7xVLbiXPRutXiw6gnmPQXlC2QxXSFjnFbeOkxUqupWj+8UWcjWN4tX
+nhxo8vTAiAzIMJ2VzNEffM/Lzyh+yp3u5xNuZvm5ICw78xgZY/3C+7jsTKoBXyAW
+CIZi4Cgr1ps4BSw8q/i3iSg9gKx2HEXU82syJp/jeMJCl4ts7e+xOSe9MG3T7xzv
+xtjNi44WreCKmuRrUam05V81+u6UR4LuJdMAfVzYh8cA9p8ZepBkm682GdXJDEVz
+vmm0Bfdl6OsndlKcAB9IHiuBeQ0rcHUE4ggRveZJEiuIW8r9
+-----END CERTIFICATE-----
diff --git a/crt/tsg-entity-for-e21.crt b/crt/tsg-entity-for-e21.crt
new file mode 100644
index 0000000..a26277a
--- /dev/null
+++ b/crt/tsg-entity-for-e21.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDsjCCApqgAwIBAgIJAOIFTjwt3hGnMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
+VQQGEwJDTjEQMA4GA1UECAwHQmVpamluZzEQMA4GA1UEBwwHWGljaGVuZzENMAsG
+A1UECgwER0ROVDEeMBwGA1UECwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRAwDgYD
+VQQDDAdzdXBwb3J0MSUwIwYJKoZIhvcNAQkBFhZzdXBwb3J0QGdkbnQtY2xvdWQu
+Y29tMB4XDTIxMTEwNTA4MzIyMVoXDTQxMTAzMDA4MzIyMVowgYcxCzAJBgNVBAYT
+AkNOMRAwDgYDVQQIDAdCZWlqaW5nMRAwDgYDVQQHDAdYaWNoZW5nMQ0wCwYDVQQK
+DARHRE5UMQwwCgYDVQQLDANUU0cxEDAOBgNVBAMMB1RTRzkxNDAxJTAjBgkqhkiG
+9w0BCQEWFnN1cHBvcnRAZ2RudC1jbG91ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCoXVJbmpKWbOa4GQLjzr2zlTdNo7ZaTtCIjK/bZNtOPYEJ
+Y8F40SsTbpxXxtZ1CJkhw1SjlMeyhzAtDrdGhay7mz4xf2+lYeiBJNyem0qhBG0d
+1ySPtzSFV/qIB7jCyD/EkCwFbTbQyVsO5JnmEdCZKbk/X780mIK82C9SKSmr8pN2
+5umrSRsPJwtEsdJ4Ld8cu1E3AQ8nNyjahqNvOveYmnb6D6bdwXSWdeydON/AhP7E
+byMjeQVeqJ8ZRSI5jA7edgQQkf5szNppeaQip/zjf3ZiHGARr5cqaQSOAXKNRLn4
+uBKJK45U7BFyHDzRe2irlRzE+FmhAm5fsQBXzYhPAgMBAAGjDTALMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggEBAJbajffvdQc2/0L0wCl3dTKP98XcDJt88fVp
+a3rAtBe0IIQtrFgOrZMxPZ26V38ERJYhm1hMXDc0mCzfMD/1qeTfXnb8eLGVbdRf
+1LyTW4hZe7eiL94L33+1g+A0jEUOZ8KCKGd5/75imeu9TWzcfUCSKPrMwSLA7/ax
+8P3PCI3CVDDLfRD/BHtGY2R5acp/FHj0kL680FRfZPLCcY3Z0opkBVO7HNgkHwFu
+U2qvLXcfWL6VbIw8t52uOHUo4/ODU0t8nn290PUBlqVbQDL/eerhO94HiMkfufJw
+ozB3fhXYS7aQiEGUF4ovAoEU0XzKK8KdDHHw3fAGFMC9gSUX+dc=
+-----END CERTIFICATE-----
diff --git a/csr/nezha-entity-for-e21.csr b/csr/nezha-entity-for-e21.csr
new file mode 100644
index 0000000..2a60e62
--- /dev/null
+++ b/csr/nezha-entity-for-e21.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC5zCCAc8CAQAwgYUxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlqaW5nMRAw
+DgYDVQQHDAdYaWNoZW5nMQ0wCwYDVQQKDARHRE5UMQwwCgYDVQQLDANUU0cxDjAM
+BgNVBAMMBU5lemhhMSUwIwYJKoZIhvcNAQkBFhZzdXBwb3J0QGdkbnQtY2xvdWQu
+Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1wuoZxJM8IEEGPC
+KotqmoFxlnU1DWLzhd4DtIvbA7rd+b9JKZZlNEsKjrosTq2S0HHtsXV/XpgcoGyA
+vgCU0I50j/vpBLrGi4i/pgi1LwLaX06IpUQsYe8vETDZsW7fbPzcuW0uDHZTehWs
+J5+zW9up5DuNzmjD1tIQr4QiTk3zuCRPcXLygeaf0ZeJvR76MWv9H9Lqa5OsFG8p
+Szw7OIfq+1eCEfxeO2ZHV15dAdal/E9e2mxf1fxFSh5xlv62fHIrfquNgyCYmHK+
+Rbdb/h9Ja2+0uldbUkE7ZqdCwIpTRqae+qVcQWJbcwc2sj0HrTliTDrLvCDkwvdg
+B8jqWQIDAQABoBwwGgYJKoZIhvcNAQkOMQ0wCzAJBgNVHRMEAjAAMA0GCSqGSIb3
+DQEBCwUAA4IBAQBIRN2I6tsXPkCCIZTAMXWb4v/E69+ZUKouhw8xLGvAoed/QgYb
+F38EJkcWxDuEQLMya6pq/DEX4bxYwfRurCuda50p76Nd9ddZ6ogqmqdrqNHoPQNr
+k0PJIOUbK30Y/gcM6yFBXBl+exOXjdb1BHivFksgPztkqGh4PP5n3DeWBdWjHGlI
+c5Mrqytdx0D3K0syL6hBKhCIzPjplnvXr/b920KuvMiVB5KA51P8zj22yIfI0e0g
+IU9CV5NZFC7qOSVec03cjMRiQo5lgH9+547K1VA3jpv5gPwzTmpBGBIzkSS8bqjq
+D/raS5eRgHOv0CCX0TS9G5pxDqmduKHfnHa8
+-----END CERTIFICATE REQUEST-----
diff --git a/csr/tsg-entity-for-e21.csr b/csr/tsg-entity-for-e21.csr
new file mode 100644
index 0000000..7c92f88
--- /dev/null
+++ b/csr/tsg-entity-for-e21.csr
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC6TCCAdECAQAwgYcxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlqaW5nMRAw
+DgYDVQQHDAdYaWNoZW5nMQ0wCwYDVQQKDARHRE5UMQwwCgYDVQQLDANUU0cxEDAO
+BgNVBAMMB1RTRzkxNDAxJTAjBgkqhkiG9w0BCQEWFnN1cHBvcnRAZ2RudC1jbG91
+ZC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoXVJbmpKWbOa4
+GQLjzr2zlTdNo7ZaTtCIjK/bZNtOPYEJY8F40SsTbpxXxtZ1CJkhw1SjlMeyhzAt
+DrdGhay7mz4xf2+lYeiBJNyem0qhBG0d1ySPtzSFV/qIB7jCyD/EkCwFbTbQyVsO
+5JnmEdCZKbk/X780mIK82C9SKSmr8pN25umrSRsPJwtEsdJ4Ld8cu1E3AQ8nNyja
+hqNvOveYmnb6D6bdwXSWdeydON/AhP7EbyMjeQVeqJ8ZRSI5jA7edgQQkf5szNpp
+eaQip/zjf3ZiHGARr5cqaQSOAXKNRLn4uBKJK45U7BFyHDzRe2irlRzE+FmhAm5f
+sQBXzYhPAgMBAAGgHDAaBgkqhkiG9w0BCQ4xDTALMAkGA1UdEwQCMAAwDQYJKoZI
+hvcNAQELBQADggEBAACrePFPCth4U+X1IKqQBfR5L7GAKdyXza2oCdFzjgaXGhig
+53UlPrLMQKP5DwQzRpt0ZlURfXDgW+SPDzHvoba2cBTPbP3ApU9VxMxwyHoxb77r
+0ZlTZ8zQgc4NMoGsjCkiD3+dswVeRJZCLjHM/krpW21HT8AnABLwxNJn6nCQ5365
+RUh6iyDBynMJ90qf3Z3bCvmPhMrSC7DHqnlKzLw08qWU/GsxGJnqw6EtHlMm+TgE
+EYya6mJEKRo+hrCY8IdAIyOxYhC4ZRTKCNIVMgn6VHIFdUwPuT1o0mpOtXAyLL2A
+zmZfW3rThwGprGUE6Yz7yGKOQJusuHA3QrNCsms=
+-----END CERTIFICATE REQUEST-----
diff --git a/key/ca-root-for-e21.key b/key/ca-root-for-e21.key
new file mode 100644
index 0000000..19600ee
--- /dev/null
+++ b/key/ca-root-for-e21.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA0ydxWekeBk1oPVwB7TKmj8j/dbTMT/qPHpuKasiLFCDM7eOi
+j7EtG7VrwIfQrdd4M309H+lZ/9M+wONo5ntkAaPiHRCdi+4jCxK8O6eebWiyz8PP
+LKYwIP3ag2qq2ZknLdrJkb6oG1Zl+Mv4O2oHPGVcqAlYc8JV53T1Ed7cN4pHRAH0
+0T5Cc5zza2wNgJlQVZsnuQcz+lw2YO/Q2En+oSg9/2PH674Kj50Jm47PQW2CLu+/
+7ufxs0H6z403HRwkadL9zccMsvk7pTdVU+KmfV1qfIz3JFyGZqLDoItFYG3wvOMp
+T/Na1VSgRipZz/yV2Symyz3V7uj+/gMt8KRLSQIDAQABAoIBAGGbjwtn9qglKjWL
+DZzvWA2JdYWc0QF7qqMUdZTNJXVlgDXLj37rARYY9Dlozu89dmQe1Z2lyiO3LAAQ
+X5KDoYQclM6ouptPtsVMoNTWtCaRSm8+bcuO+xqVHmi3a0jxQioxRBJqVt1kP/kV
+mKcmaTfjB0TqJQhF4l3/M7ZSFexZ2TXYIsfhNEf3AquGcIsXptf7cG698K2RvvOS
+/M/PF6bZc63yA7r33j9wL1s0BeAAc5JvbH4kxJWltLaYUPM1QlX2c9f63cvvO936
+xDu1ClYfo4c2qwIpVGTGHoT0OienGWcIah9r9vi+gTLHhqjzHO9Oz0VzS9eYJcJC
+Mn/MOE0CgYEA9bmuQR4f7RVzDIlIh/erDTkZP09aB6KRJ+kaLDj6lXp9lsI8WFPx
+TkC6WCvrp3ZSSVZvSG5V1zWw5wmZcd5kQGPlLecultMVUi5a2k6vpwDEIBuOQz0N
+jZ7fpJC2GVqJMMCWvGtn8omU7dWL9xo8usJyVZNK4xsGir16w6zRozcCgYEA2/uz
+be8zJ0uyi5uYYSBzRyUszU+0qj9Irov2qc/+Ko+ELMQmMkuKK9Tx5ZZyMbA7WFLl
+Jup72zYrDfCmqnhfXq9ZfsIGfi7OiwF3FZaMqcH1ZIRIDrHBp1yEECwCCIqei33V
+dAAzkoHeWuBKer0JE/9hx3o6V5bZPYiJqMnNxX8CgYANjOW9FYoxKsOjZ1ammNPH
+8OQhh6CxVxemGcaltaar44tVavSk8kwWQp+ECTf/jhjPjoKofd0h9wYAV5ksnFTu
+8BNNSrhY/N7qH0BHVZt+HB60npBjyNQcgSxYCNrh3wo9tAEb9thOmaOq0eHcCIhc
+zCg969dvWqgrsnM4oykUVQKBgFevZZ8daItyTfH+DGgysiCavdf8vGvcG9GPcrvP
+b2VxnWLmsL79g07ja6RzKoOJ1q3nJPY1IzeGyPSehyCOKJ2qUYcIOeRULfoUlG4j
+e2AzMuhlHf/VdPaMFwwHLqxO7NF3T/0UE3qDj6kznBx+ez7gXg5QNy8wrtkrMov4
+HLBrAoGBALVoyM3HhpxqfUScCA6OUvtpZLN3UOt52mvuCbtT6JTbPzZ52TLhkLdq
+BVvH30tNM1zPvNAejnUZiksleMNjo1N1lrqB6MHK828IBpY1u7PRnmz62fkqR0TX
+/w7QJILnj+E7Nt8sAiZhJ2j69WmRJZJFEPtjD6jqyNIdRE6ADlKx
+-----END RSA PRIVATE KEY-----
diff --git a/key/nezha-entity-for-e21.key b/key/nezha-entity-for-e21.key
new file mode 100644
index 0000000..66736b0
--- /dev/null
+++ b/key/nezha-entity-for-e21.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAq1wuoZxJM8IEEGPCKotqmoFxlnU1DWLzhd4DtIvbA7rd+b9J
+KZZlNEsKjrosTq2S0HHtsXV/XpgcoGyAvgCU0I50j/vpBLrGi4i/pgi1LwLaX06I
+pUQsYe8vETDZsW7fbPzcuW0uDHZTehWsJ5+zW9up5DuNzmjD1tIQr4QiTk3zuCRP
+cXLygeaf0ZeJvR76MWv9H9Lqa5OsFG8pSzw7OIfq+1eCEfxeO2ZHV15dAdal/E9e
+2mxf1fxFSh5xlv62fHIrfquNgyCYmHK+Rbdb/h9Ja2+0uldbUkE7ZqdCwIpTRqae
++qVcQWJbcwc2sj0HrTliTDrLvCDkwvdgB8jqWQIDAQABAoIBAG+5TWnvBMcrIw0w
+jYLBnUKZTN6lEm7k6hOIue+4E5at+lYAAoqL1PYwSvTdq0+s2YDwFuJR0jZxhJCP
+zayTonMLvjG2M6nywMpu4U02djLtcEUdZfgip7E+ifhyWizWNfPQNXTsG07iwvBh
+OvompIEqie0VaxJ9udnQ4jIdO2TDWt573lYen7AfX72jeG03kVMS0xUNdxWXQo+g
+/Jv5E2NsWFzWH/a4ezPmYDFxQaKh3b0yJNJC8o12GnjU98COvq80Y6l400x8uDIv
+KUYNebGDydKv6Sh66jEHDM9KHSJFlOOvh4OSkx+Vp1FsULya0Qt80lVW6/Cqf0Kc
+3su1y5ECgYEA2loxcPwwCXYNdc2a99LWqhluPJ94lpVdLd7APBBSlB/QT84qfuj5
+j6fZ+UXWCPghxajIBtaoihacmDkArlOpaVsmHeXiiisyp0Wc8Lvto3NqmNMj1qVj
+7shTlTIKhVIsN82CN7kCc5PeUsBkRVHwKwq5/SpuuVNf8Q+yA4SGWUUCgYEAyOfP
+EoWlzZJq1gxUxdG36JjZnikIevD5RH2d7x+kdrC19C/1dnNgraJa3uDF5+WFvCOH
+C0zjuLMU7f0H7VkvsVoZgwIUFbLjcqnHK2VVLj70oeO4xXYia9miaYGTh2TNIVGu
+bCmg/9/8w6FXisVC7Kpe9aJKN0gkB5cu5dKZPAUCgYA9ND7bjrTgUgjf1mvzv1OQ
+hmRR9dlVTDS8IM39iA29m1VGqWFcBW2+iKwepSajiPneb7rxv8WqP0BRotjABI9e
+CsCabM+dLxKZtHeTOvoXcMiWYciP5/gk/F4BWe99A1WFpsMzX1aCkxYkV+1DSP5q
+8izD+9rhc69W4LFjLwiBiQKBgCMRCvyxpSoHh2xLBLTukQohO8K2aMuEqg2BW4K0
+ZDFvUKMJh++f3d0QvImwc/qw/jHDhbu8NPc1Es8jXjHYYlGzZ0aNo1HSQo7uAVya
+uE51IJ/tLoAQyZtHhmih/E0ilAdfyXEJpxdiUi0XST9ohPDoH+EB7bBOgDNu+PmW
+U7a9AoGBANhwuJ1F34adH9FSWaFz2Fv5aeQgzcK/lDLR9DQ8YGWgAAJwKcRam/3b
+YeKpIPra7ctyl9EYXkFn/luoMNqY4ziponxgCSIQNmkIzIoJANpRbe3Xh0aF3bwA
+C2RLhQtwXMR2y3fL126y2bApKn5RFmiQ3vsuvf1j7ATNBGoXgH7K
+-----END RSA PRIVATE KEY-----
diff --git a/key/tsg-entity-for-e21.key b/key/tsg-entity-for-e21.key
new file mode 100644
index 0000000..a7717b3
--- /dev/null
+++ b/key/tsg-entity-for-e21.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAqF1SW5qSlmzmuBkC4869s5U3TaO2Wk7QiIyv22TbTj2BCWPB
+eNErE26cV8bWdQiZIcNUo5THsocwLQ63RoWsu5s+MX9vpWHogSTcnptKoQRtHdck
+j7c0hVf6iAe4wsg/xJAsBW020MlbDuSZ5hHQmSm5P1+/NJiCvNgvUikpq/KTdubp
+q0kbDycLRLHSeC3fHLtRNwEPJzco2oajbzr3mJp2+g+m3cF0lnXsnTjfwIT+xG8j
+I3kFXqifGUUiOYwO3nYEEJH+bMzaaXmkIqf84392YhxgEa+XKmkEjgFyjUS5+LgS
+iSuOVOwRchw80Xtoq5UcxPhZoQJuX7EAV82ITwIDAQABAoIBAQCA0o7umlHpGUBb
+wn9skUajPtwG4unnJYD3yjXQd9Y5gmPWLGbfq6P7BVpI61IyUDbjF5MOawt1dW0O
+PMFNC4EENx+aPfjOISEGl47bKNUsaLeY6oIGGNbt5EhEhyv+lbv9CZc1O8CCdl7f
+AVkkKaNjXgJpFDi35K28Eun6QpapAf7/1LkNfEZFUAPCXP+J1oOKo+bryzr522tr
+4fHjq84q8BZ1UDbsWYJO54yQzPAOScvSzf6AVhYxz5t+WdunOCoUSd0mvH5T+s4s
+UNuM3WXdHQvEy9dGnYVOeMFZSU7TblYU/Ai5rVOwZr04EqBuQWdQxWqT2u+IMJx2
+fXNCTu0pAoGBAN8JoTwyDOo6ti6hCQSc3avx/7HNgNjY6YirhXM2yGqBWMig5L9U
+N7xAhbXdB4v/EHeuQTHOEPs3+7uae6/Nt7tj9dGICr/t31ttzzSBbi+iihwQjRpm
+DGGpcVVFXCoBrvF7GvRV0Fwt6Wsh0c6mCUIy2KF9mZ3mqE3R9sGl/GG1AoGBAME/
+Mv+Rs+DQKUgUz+pgCbH4DnTsUhfNSGBLsFlIlifUozgIivz0rbFpM3JnNjAkBE9Q
+fe8359SG0UBb5W2y0WzAhNC640PSvn8vyNfhGN6ai3oNpGMJzxqW18xvKTYUwscZ
+taevWyXpWP2buyKabGi8dUHYDcNQSSoUU5C9zZRzAoGAOLw7XpOgw2iB9WSTZa/9
+l4Kst27+Kqsq5NA01zUFUEps6kQ7TAxBTUrgeH2sMMmGR9t0zBWOLkl0aKmIcxUS
+esGXw2Am0+HPonNRdRrDi6x+E1uGeUOiPKmcocNOCYV6GgVluuelY/1t1gm5VCba
+ThOfFZ1cmVUWVQ1nBqWRiM0CgYEAlcTNWZUqu8mYtOysVxEncm61hZjB5wCKX1dJ
+zWicNzJtbTfxwCpBk4XdAYVMUfMYBAB2GbhSTDxQYHjYTzSPaqGqTbsJ976VNS1r
+kyQ5igxsnKOGC9vGTu0pQp/EaM2eR4B9cQBOvAsllSfk2OSlsGae2fEAeab3jU1D
+lqIDelECgYEAveecFCFzEHu68oZWca07BKtHlhs4Ku8pTW7HwZ8Vagv83UeddfHh
+bP/IqRngwU+zSfjLo7CwFWnkSIlzcY+g0SUspGU44kTr0kjhurxwscNeL9FAusFU
+28nTCozLexEGFieDVCx7t1dtgvzCt0PImEaEk8sx9l1w5C8j6we+o2Q=
+-----END RSA PRIVATE KEY-----
diff --git a/sign.sh b/sign.sh
index 1a31ae0..7edcf6b 100644
--- a/sign.sh
+++ b/sign.sh
@@ -6,4 +6,24 @@ openssl ecparam -name secp256r1 -genkey -out key/self-sign.key # 使用椭圆曲
#./tool gen-key key/self-sign.key gdnt-cloud.com 2048 # 使用 RSA 生成私钥
./tool gen-csr csr/self-sign.csr gdnt-cloud.com conf/self-sign.conf key/self-sign.key
./tool self-sign crt/self-sign.crt gdnt-cloud.com 3650 sha256 req_v3_usr conf/self-sign.conf csr/self-sign.csr key/self-sign.key
-./tool chain chain.pem gdnt-cloud.com crt/self-sign.crt \ No newline at end of file
+./tool chain chain.pem gdnt-cloud.com crt/self-sign.crt
+
+## 签发根证书,用于为 TSG/Nezha 界面的服务端签发证书
+
+#openssl ecparam -name secp256r1 -genkey -out key/ca-root-for-e21.key # 使用椭圆曲线
+./tool gen-key key/ca-root-for-e21.key gdnt-cloud.com 2048 # 使用 RSA
+./tool gen-ca crt/ca-root-for-e21.crt gdnt-cloud.com conf/ca-root-for-e21.conf key/ca-root-for-e21.key
+
+## 为 TSG 界面的服务端签发实体证书
+
+#openssl ecparam -name secp256r1 -genkey -out key/tsg-entity-for-e21.key # 使用椭圆曲线
+./tool gen-key key/tsg-entity-for-e21.key gdnt-cloud.com 2048 # 使用 RSA
+./tool gen-csr csr/tsg-entity-for-e21.csr gdnt-cloud.com conf/tsg-entity-for-e21.conf key/tsg-entity-for-e21.key
+./tool sign crt/tsg-entity-for-e21.crt gdnt-cloud.com 7299 sha256 req_v3_usr conf/tsg-entity-for-e21.conf csr/tsg-entity-for-e21.csr key/ca-root-for-e21.key crt/ca-root-for-e21.crt
+
+## 为 Nezha 界面的服务端签发实体证书
+
+#openssl ecparam -name secp256r1 -genkey -out key/nezha-entity-for-e21.key # 使用椭圆曲线
+./tool gen-key key/nezha-entity-for-e21.key gdnt-cloud.com 2048 # 使用 RSA
+./tool gen-csr csr/nezha-entity-for-e21.csr gdnt-cloud.com conf/nezha-entity-for-e21.conf key/nezha-entity-for-e21.key
+./tool sign crt/nezha-entity-for-e21.crt gdnt-cloud.com 7299 sha256 req_v3_usr conf/nezha-entity-for-e21.conf csr/nezha-entity-for-e21.csr key/ca-root-for-e21.key crt/ca-root-for-e21.crt \ No newline at end of file
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-30 13:20:36 +0000