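I quickly forget how to do this, so I'm recording the shell script here.
Set the variable OPENSSL to the full path of openssl.
After that, chmod 755 the script and run it; server.crt and server.key are created in the current directory.
As a bonus, DH parameters (dhparam.pem) are generated as well.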
```sh
#!/bin/sh

# Generates a self-signed certificate.

OPENSSL=/usr/bin/openssl
KEYFILE=server.key
CERTFILE=server.crt
SIGNREQ=server.csr
DHPARAM=dhparam.pem

# Refuse to overwrite any existing output file.
if [ -f "$CERTFILE" ]; then
    echo "$CERTFILE already exists, won't overwrite"
    exit 1
fi
if [ -f "$KEYFILE" ]; then
    echo "$KEYFILE already exists, won't overwrite"
    exit 1
fi
if [ -f "$SIGNREQ" ]; then
    echo "$SIGNREQ already exists, won't overwrite"
    exit 1
fi

echo
echo "Generating key file, $KEYFILE"
echo "============================"
# Create the key under a restrictive umask so it is never readable by
# group/others, not even between creation and the chmod below.
(umask 077; "$OPENSSL" genrsa 2048 > "$KEYFILE") || exit 2
chmod 0600 "$KEYFILE"
echo "============================"
echo

echo "Generating sign request file, $SIGNREQ"
echo "============================"
# Prompts interactively for the subject fields (country, CN, ...).
"$OPENSSL" req -new -key "$KEYFILE" > "$SIGNREQ" || exit 2
echo "============================"
echo

echo "Generating cert file, $CERTFILE"
echo "============================"
# Sign the request with its own key: self-signed, valid for 3650 days.
"$OPENSSL" x509 -days 3650 -req -signkey "$KEYFILE" < "$SIGNREQ" > "$CERTFILE" || exit 2
echo "============================"
echo

echo "Generating DH key, $DHPARAM"
echo "============================"
"$OPENSSL" dhparam -out "$DHPARAM" 2048 || exit 2
echo "============================"
echo

echo "Now you have $CERTFILE, $KEYFILE and $DHPARAM"
echo
```
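The following is an added example, not part of the original post: a small checker for the key and certificate the script writes (it does not cover dhparam.pem). The function names and the 30-day expiry threshold are choices made for this example, and it assumes `openssl` is on PATH unless the OPENSSL variable is set.

```sh
#!/bin/sh
# Added example: consistency checks for a generated key/certificate pair.
OPENSSL=${OPENSSL:-openssl}   # assumption: openssl is on PATH unless overridden

# True when the certificate carries the public key derived from the private key.
key_matches_cert() {  # $1 = key file, $2 = certificate file
    k=$("$OPENSSL" pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$("$OPENSSL" x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when issuer and subject names are identical (a self-issued certificate).
is_self_signed() {  # $1 = certificate file
    s=$("$OPENSSL" x509 -in "$1" -noout -subject 2>/dev/null) || return 1
    i=$("$OPENSSL" x509 -in "$1" -noout -issuer 2>/dev/null) || return 1
    [ -n "$s" ] && [ "${s#subject=}" = "${i#issuer=}" ]
}

# True when the key file grants nothing to group or others (e.g. mode 0600).
key_is_private() {  # $1 = key file
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# True when the certificate is still valid $2 seconds from now.
cert_valid_for() {  # $1 = certificate file, $2 = seconds
    "$OPENSSL" x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Runs every check, reports each failure, returns non-zero if any check failed.
verify_pair() {  # $1 = key file, $2 = certificate file
    rc=0
    key_is_private "$1"         || { echo "FAIL: $1 is accessible to group/others"; rc=1; }
    key_matches_cert "$1" "$2"  || { echo "FAIL: $2 does not match key $1"; rc=1; }
    is_self_signed "$2"         || { echo "FAIL: issuer and subject differ in $2"; rc=1; }
    cert_valid_for "$2" 2592000 || { echo "FAIL: $2 expires within 30 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 are consistent"
    return "$rc"
}

# Usage: sh verify.sh server.key server.crt
if [ "$#" -eq 2 ]; then
    verify_pair "$1" "$2"
fi
```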
References
http://d.hatena.ne.jp/rikunora/20120514/p1
http://qiita.com/kunichiko/items/12cbccaadcbf41c72735