#!/bin/bash
#############################################################################
# Create By: zhf_sy
# License: GNU GPLv3
# Tested on: CentOS 7
#############################################################################
# Emit the contents of an openssl.cnf to stdout.
# The caller must set these shell variables before calling, otherwise the
# corresponding fields in the generated file are empty: CERT_DAYS, CERT_BITS,
# countryName_default, stateOrProvinceName_default, localityName_default,
# organizationName_default0, organizationalUnitName_default,
# commonName_default, emailAddress_default.
# Note: `dir = $PWD` is expanded here, at generation time (unlike the
# backslash-escaped `\$dir` references), so the CA directory is fixed to the
# working directory the script was run from.
F_ECHO_OPENSSL_CNF()
{
echo "
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = \$ENV::HOME/.rnd
# 额外的对象标识符信息
# Extra OBJECT IDENTIFIER info:
#oid_file = \$ENV::HOME/.oid
oid_section = new_oids
# 当【openssl x509】实用程序和【-extfile】选项一起用时,在此处命名要使用的 X.509v3 扩展section名称。(也可以直接在命令行带上参数选项【-extensions section名称】吧)
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
#extensions =
# 或者使用【在主要[= default]section中仅包含 X.509v3 扩展】的配置文件
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
####################################################################
[ new_oids ]
# 我们可以在这里添加新的OID供"ca","req"和"ts"使用
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
#testoid1 = 1.2.3.4
# Or use config file substitution like this:
#testoid2 = \${testoid1}.5.6
# TSA策略示例
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
####################################################################
[ ca ]
# 调用CA服务器信息段:CA_default
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = $PWD # Where everything is kept
# 颁发的证书路径
new_certs_dir = \$dir/newcerts # default place for new certs.
certs = \$dir/certs # Where the issued certs are kept
crl = \$dir/ca.crl.pem # The current CRL
crl_dir = \$dir/crl # Where the issued crl are kept
unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
# ca数据库
database = \$dir/index.txt # database index file.
serial = \$dir/serial # The current serial number,手动设置初始值01
crlnumber = \$dir/crlnumber # the current crl number,手动设置初始值01
# must be commented out to leave a V1 CRL(当保持crl为V1版本时,需要注释掉此项)
# ca证书等
certificate = \$dir/ca.pem.crt # The CA certificate
private_key = \$dir/private/ca.pem.key # The private key
RANDFILE = \$dir/private/.rand # private random number file
# 调用证书扩展段:usr_cert
x509_extensions = usr_cert # The extentions to add to the cert
# 传统格式需要注释掉以下两行
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# 拷贝扩展信息(小心使用)
# Extension copying option: use with caution.
#copy_extensions = copy
# 调用吊销列表扩展:crl_ext
# 当保持crl为V1版本时,需要注释掉此项,同时crlnumber也要注释掉 (Netscape 浏览器不支持V2 crl)
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
crl_extensions = crl_ext
#
default_days = ${CERT_DAYS} # how long to certify for
default_crl_days = 30 # how long before next CRL
default_md = sha256 # use SHA-256 by default
preserve = no # keep passed DN ordering
# 指定相似请求的不同方法
# 对于CA类型,列出的属性必须相同,可选字段和必须提供的字段
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match # 调用CA策略段:policy_match
####################################################################
# CA策略
# For the CA policy
[ policy_match ]
# 如果值为"match",则客户端证书请求时,相应信息必须和CA证书保持一致;反之如果为"optional",则不用
#countryName = match
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
# 列出所有策略对象类型
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = ${CERT_BITS}
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name # 调用用户信息段[req_distinguished_name]
attributes = req_attributes # 调用密码属性段[req_attributes]
# 调用证书请求扩展段:v3_req
req_extensions = v3_req # The extensions to add to a certificate request
# 调用自签名证书扩展段:v3_ca
x509_extensions = v3_ca # The extentions to add to the self signed cert
# 私钥密码。如果没有设置私钥密码,则提示输入
# Passwords for private keys if not present they will be prompted for
#input_password = secret
#output_password = secret
# 设置允许的字符串类型
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
####################################################################
# 用户信息
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $countryName_default
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $stateOrProvinceName_default
localityName = Locality Name (eg, city)
localityName_default = $localityName_default
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $organizationName_default0
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = $organizationalUnitName_default
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_default = $commonName_default
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
emailAddress_default = $emailAddress_default
# SET-ex3 = SET extension number 3
####################################################
基于openssl的CA证书服务器。你可以用它搭建自己的专属CA服务器,以方便为用户生成私钥、证书请求、颁发证书、吊销证书、证书续期、证书吊销列表等。它可以生成多种类型的证书,包括且不限于web服务器、代码、计算机、客户端、信任列表、时间戳、IPSec、Email、智能卡登陆及其他OID证书。只需简单在配置文件中指定即可,证书完全兼容与Windows、Linux、Android、iOS等PC及手机系统(自签名不兼容)。项目是产品化的,不用修改代码就可以管理CA服务器整个生命周期,计划未来增加web操作页面,实现用户从网页端申请、下载、续期等证书操作,以及证书吊销列表的分发。