authorfengweihao <[email protected]>2018-11-16 14:43:36 +0800
committerfengweihao <[email protected]>2018-11-16 14:43:36 +0800
commite83df364a072a09152ea9b2a5ab0dadf0c4b15a8 (patch)
tree9e28fa68ee28a7d8400706a4c648aae6599b8c0d
parentb07c3182b48e830db092384e5b70d4839d217382 (diff)
1.修改生成安装包文件名
2.修改生成实体证书脚本,增加SAN
-rw-r--r--src/package/Makefile19
-rw-r--r--src/package/r2_certstore3
-rw-r--r--src/package/r2_certstore1.03
-rw-r--r--src/package/r3_certstore (renamed from src/package/r3_certstore1.0)2
-rw-r--r--src/script/signssl.sh30
-rw-r--r--src/script/tarball.sh6
6 files changed, 50 insertions, 13 deletions
diff --git a/src/package/Makefile b/src/package/Makefile
index af21965..9400904 100644
--- a/src/package/Makefile
+++ b/src/package/Makefile
@@ -1,3 +1,4 @@
+SUBDIRS := cert certstore conf r2_certstore r3_certstore rule tool
install:
# if [ ! -d "/usr/local/bin" ]; then mkdir -p "/usr/local/bin"; fi
@@ -6,16 +7,26 @@ install:
# cp -f etc/cert_store.ini /usr/local/etc/
#
# cp -f bin/cert_store /usr/local/bin/
- chmod +x certstore1.0
+# chmod +x certstore1.0
#
# cp -f lib/* /usr/local/lib/
# sudo ldconfig
+ if [ ! -d "/home/ceiec/certstore" ]; then mkdir -p "/home/ceiec/certstore"; fi
+
+ chmod +x certstore r2_certstore r3_certstore
+ chmod +x tool/signssl.sh tool/x509
+
+ for d in $(SUBDIRS); do \
+ cp -rf $$d /home/ceiec/certstore; \
+ done
+
update:
+ chmod +x certstore
+ cp -f certstore /home/ceiec/certstore
+
# cp -f bin/cert_server /usr/local/bin/
- chmod +x certstore1.0
uninstall:
- rm -f /usr/local/bin/cert_store
- rm -rf /usr/local/etc/cert_store.ini
+ rm -rf /home/ceiec/certstore
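Review bot: The new `install` recipe copies every entry of `SUBDIRS`, including `cert`, into `/home/ceiec/certstore` with `cp -rf` and never sets ownership or mode on the result, so any key material under `cert` (tarball.sh appears to fill it from `../ca/*`) keeps its source mode, filtered only by the installer's umask. Consider creating the directory with `install -d -m 0750 /home/ceiec/certstore` and tightening `cert` after the copy, e.g. `chmod -R go-rwx /home/ceiec/certstore/cert`. The path is also repeated across `install`, `update` and `uninstall`; a single `INSTALL_DIR ?= /home/ceiec/certstore` variable would keep the `rm -rf` in `uninstall` tied to the same location as the copy.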
diff --git a/src/package/r2_certstore b/src/package/r2_certstore
new file mode 100644
index 0000000..94d85d5
--- /dev/null
+++ b/src/package/r2_certstore
@@ -0,0 +1,3 @@
+killall r3_certstore certstore
+./r3_certstore &> /dev/null &
+
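Review bot: The new r2_certstore has no `#!` line although its second line uses the bash-only `&>` redirection; when the file is run by a POSIX `sh` such as dash, `./r3_certstore &> /dev/null &` is parsed as a background job followed by a separate empty redirection, so the watchdog's output is not discarded. Add `#!/bin/bash` as the first line, or write the redirection portably as `./r3_certstore > /dev/null 2>&1 &`. The relative `./r3_certstore` also resolves only when the script is started from the install directory; a `cd "$(dirname "$0")" || exit 1` before it would remove that dependency.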
diff --git a/src/package/r2_certstore1.0 b/src/package/r2_certstore1.0
deleted file mode 100644
index 8e1ee6a..0000000
--- a/src/package/r2_certstore1.0
+++ /dev/null
@@ -1,3 +0,0 @@
-killall r3_certstore1.0 certstore1.0
-./r3_certstore1.0 &> /dev/null &
-
diff --git a/src/package/r3_certstore1.0 b/src/package/r3_certstore
index 8595fc1..09cbb9f 100644
--- a/src/package/r3_certstore1.0
+++ b/src/package/r3_certstore
@@ -11,7 +11,7 @@ while [ 1 ]; do
ulimit -c 0
fi
- ./certstore1.0 --normal > /dev/null
+ ./certstore --normal > /dev/null
echo program crashed, restart at `date +"%w %Y/%m/%d, %H:%M:%S"` >> RESTART.log
sleep 10
done
diff --git a/src/script/signssl.sh b/src/script/signssl.sh
index 44033e7..2a0234d 100644
--- a/src/script/signssl.sh
+++ b/src/script/signssl.sh
@@ -13,7 +13,7 @@ do_help()
{
echo "./signssl -type cert_name -cafrom ca_name -cakeyfrom key_name"
echo "usage: ./signssl args"
- echo " -type cert_name - input type (-middle, -entity)"
+ echo " -type cert_name - input type (-caroot -middle, -entity)"
echo " -cafrom ca_name - input ca_name (root certificate)"
echo " -cakeyfrom key_name - input key_name (the root keys)"
exit
@@ -37,6 +37,10 @@ do_check()
do_help
exit
fi
+
+ if [ "$type_name" == "-caroot" ]; then
+ return
+ fi
if [ "$caform" != "-cafrom" ] || [ "$caname" == "" ]; then
echo "root certificate name is unkone!"
do_help
@@ -68,14 +72,30 @@ do_entity()
fi
openssl genrsa -out ${name}.pem 1024
openssl rsa -in ${name}.pem -out ${name}.key
- openssl req -new -key ${name}.pem -out ${name}.csr
- openssl x509 -req -days 365 -sha256 -extfile /etc/pki/tls/openssl.cnf -extensions v3_req -CA ${caname} -CAkey ${cakey} -CAserial ca.srl -CAcreateserial -in ${name}.csr -out ${name}.cer
+
+ openssl req -new -sha256 -key ${name}.key -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:*.${name}.com,DNS:*.${name}.cn")) -out ${name}.csr
+
+ openssl ca -in ${name}.csr -md sha256 -keyfile ${cakey} -cert ${caname} -extensions SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:*.${name}.com,DNS:*.${name}.cn")) -out ${name}.cer
+
openssl pkcs12 -export -in ${name}.cer -inkey ${name}.key -chain -CAfile ${caname} -out ${name}.p12
mv ${name}.* entity
}
+do_caroot()
+{
+ if [ ! -d ".caroot" ];then
+ mkdir caroot
+ fi
+ openssl genrsa -out ${name}.pem 1024
+ openssl rsa -in ${name}.pem -out ${name}.key
+ openssl req -new -key ${name}.pem -out ${name}.csr
+ openssl x509 -req -days 365 -sha256 -extfile /etc/pki/tls/openssl.cnf -extensions v3_ca -signkey ${name}.pem -in ${name}.csr -out ${name}.cer
+
+ mv ${name}.* caroot
+}
+
do_signssl()
{
if [ "$type_name" == "-middle" ]; then
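Review bot: do_caroot generates the root CA key with `openssl genrsa -out ${name}.pem 1024`, and a 1024-bit RSA key is below current minimum key-size guidance for a trust anchor; use at least `openssl genrsa -out "${name}.pem" 2048`. In the same function the guard tests `.caroot` but creates `caroot`, so `mkdir` reports an error on every run after the first; `mkdir -p caroot` covers both cases. In do_entity, `${name}` is expanded inside the printf format string and written into the `[SAN]` config section in both the `req` and `ca` calls, so a name containing `%`, whitespace or a newline alters the generated config; passing it as an argument, `printf '[SAN]\nsubjectAltName=DNS:*.%s.com,DNS:*.%s.cn\n' "$name" "$name"`, and rejecting names that are not a single hostname label would close that. do_entity begins before this hunk and do_signssl continues after it.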
@@ -86,6 +106,10 @@ do_signssl()
do_entity
exit
fi
+ if [ "$type_name" == "-caroot" ]; then
+ do_caroot
+ exit
+ fi
}
do_check
diff --git a/src/script/tarball.sh b/src/script/tarball.sh
index d890d85..361d2b4 100644
--- a/src/script/tarball.sh
+++ b/src/script/tarball.sh
@@ -1,5 +1,7 @@
-X=CertStore-Base-$2
+#X=CertStore-Base-$2
+X=certstore
+typeset -l version
version=`lsb_release -i -s`
version_id=`lsb_release -r -s`
machine=`uname -m`
@@ -19,7 +21,7 @@ do_copy(){
cp ../conf/ $X -rf
cp ../ca/* $X/cert
cp ../rule/ $X -rf
- cp ../src/cert_store $X/certstore1.0
+ cp ../src/cert_store $X/certstore
cp ../src/package/* $X
cp ../src/script/signssl.sh $X/tool
cp ../src/script/x509 $X/tool