Blockchain и шифрование


Генерация корневого сертификата и дочернего для хоста

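#!/usr/bin/env bash
# Create a self-signed root CA, issue a host certificate signed by it, and
# (Debian/Ubuntu) add the root CA to the system trust store.
#
# Files written to the current directory:
#   ${ROOT_NAME}.key / .crt / .pass   encrypted CA key, CA certificate, CA key passphrase
#   ${ROOT_NAME}.srl                  serial file created by -CAcreateserial
#   ${NAME}.key / .csr / .crt / .pass encrypted host key, CSR, signed cert, host key passphrase
#
# Passphrases are handed to openssl through the environment (env:VAR) rather
# than on the command line, so they do not show up in `ps` or `set -x` output.
set -euo pipefail

# Private keys and passphrase files are created by this script; make sure the
# default permissions keep them private to the invoking user.
umask 077

KEY_BITS=2048

ROOT_NAME="rootCA"
# `openssl rand` needs no pipeline, so it cannot trip pipefail with SIGPIPE.
export ROOT_KEY_PASSWORD
ROOT_KEY_PASSWORD=$(openssl rand -hex 32)
ROOT_CRT_DAYS=10950
ROOT_CRT_EMAIL="email@example.com"
ROOT_CRT_COUNTRY="RU"
ROOT_CRT_STATE="Moscow"
ROOT_CRT_LOCATION="Moscow"
ROOT_CRT_ORGANIZATION="Org"
ROOT_CRT_ORGANIZATION_UNIT="Org"
ROOT_CRT_COMMON_NAME="example.com"

# -aes256 replaces the legacy -des3 key encryption.
openssl genrsa \
  -aes256 \
  -passout env:ROOT_KEY_PASSWORD \
  -out "${ROOT_NAME}.key" "${KEY_BITS}"
# No explicit extensions here: the CA:TRUE basicConstraints of the root come
# from openssl's default configuration for `req -x509` (verify with
# `openssl x509 -in rootCA.crt -text -noout` if a different openssl.cnf is in use).
openssl req \
  -x509 \
  -new \
  -key "${ROOT_NAME}.key" \
  -passin env:ROOT_KEY_PASSWORD \
  -days "${ROOT_CRT_DAYS}" \
  -subj "/emailAddress=${ROOT_CRT_EMAIL}/C=${ROOT_CRT_COUNTRY}/ST=${ROOT_CRT_STATE}/L=${ROOT_CRT_LOCATION}/O=${ROOT_CRT_ORGANIZATION}/OU=${ROOT_CRT_ORGANIZATION_UNIT}/CN=${ROOT_CRT_COMMON_NAME}" \
  -out "${ROOT_NAME}.crt"
# The CA passphrase is random; without persisting it the CA key could never
# sign another host certificate after this run. File is 0600 via umask above.
printf '%s\n' "${ROOT_KEY_PASSWORD}" > "${ROOT_NAME}.pass"

NAME="example"
export KEY_PASSWORD
KEY_PASSWORD=$(openssl rand -hex 32)
CRT_DAYS=3650
CRT_EMAIL="email@example.com"
CRT_COUNTRY="RU"
CRT_STATE="Moscow"
CRT_LOCATION="Moscow"
CRT_ORGANIZATION="Org"
CRT_ORGANIZATION_UNIT="Org"
CRT_COMMON_NAME="example.com"

openssl genrsa \
  -aes256 \
  -passout env:KEY_PASSWORD \
  -out "${NAME}.key" "${KEY_BITS}"
openssl req \
  -new \
  -key "${NAME}.key" \
  -passin env:KEY_PASSWORD \
  -subj "/emailAddress=${CRT_EMAIL}/C=${CRT_COUNTRY}/ST=${CRT_STATE}/L=${CRT_LOCATION}/O=${CRT_ORGANIZATION}/OU=${CRT_ORGANIZATION_UNIT}/CN=${CRT_COMMON_NAME}" \
  -out "${NAME}.csr"

# Extension file for the host (end-entity) certificate. A standalone file
# avoids depending on /etc/ssl/openssl.cnf and keeps the CN out of a printf
# format string (a '%' in the name would have corrupted the section).
EXT_FILE=$(mktemp) || { printf 'mktemp failed\n' >&2; exit 1; }
trap 'rm -f -- "${EXT_FILE}"' EXIT
cat > "${EXT_FILE}" <<EOF
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = ${CRT_COMMON_NAME}
EOF

openssl x509 \
  -req \
  -in "${NAME}.csr" \
  -CA "${ROOT_NAME}.crt" \
  -CAkey "${ROOT_NAME}.key" \
  -passin env:ROOT_KEY_PASSWORD \
  -CAcreateserial \
  -days "${CRT_DAYS}" \
  -extensions v3_req \
  -extfile "${EXT_FILE}" \
  -out "${NAME}.crt"

printf '%s\n' "${KEY_PASSWORD}" > "${NAME}.pass"
openssl x509 -in "${NAME}.crt" -text -noout

# add to Ubuntu / Debian
#
# Local CAs belong in /usr/local/share/ca-certificates (name must end in .crt);
# update-ca-certificates picks them up without the interactive dpkg-reconfigure.
# `install -m 0644` is required because the umask above would otherwise leave
# the copied certificate unreadable to non-root processes.
sudo install -D -m 0644 -- "${ROOT_NAME}.crt" "/usr/local/share/ca-certificates/${ROOT_NAME}.crt"
sudo update-ca-certificates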