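# Issue a CA-signed server certificate and assemble it into a JKS keystore.
#
# Expects the caller to have set:
#   SERVER_NAME_JKS - base name of the keystore/CSR/cert files, also the key alias
#   CA_NAME         - base name of the CA certificate (.crt) and private key (.key)
# and expects openssl.cnf to be in the current directory.
#
# The guards stop an unset variable from silently producing ".jks"/".csr"
# files and an empty alias.
: "${SERVER_NAME_JKS:?SERVER_NAME_JKS must be set}"
: "${CA_NAME:?CA_NAME must be set}"

# "changeit" is the widely known default keystore password. It is kept only as
# a fallback so existing runs behave the same; set KEYSTORE_PASS to a real
# secret for anything beyond a throwaway test keystore.
# keytool reads the value through -storepass:env / -keypass:env, so the
# password is not exposed in the process argument list.
export KEYSTORE_PASS="${KEYSTORE_PASS:-changeit}"

echo "########generate server key pair"
keytool -genkeypair \
  -alias "$SERVER_NAME_JKS" \
  -validity 3650 \
  -keyalg RSA \
  -keysize 2048 \
  -keypass:env KEYSTORE_PASS \
  -storepass:env KEYSTORE_PASS \
  -keystore "$SERVER_NAME_JKS.jks"

echo "########generate server csr"
keytool -certreq \
  -alias "$SERVER_NAME_JKS" \
  -sigalg SHA256withRSA \
  -file "$SERVER_NAME_JKS.csr" \
  -keypass:env KEYSTORE_PASS \
  -storepass:env KEYSTORE_PASS \
  -keystore "$SERVER_NAME_JKS.jks"

echo "########generate server cert"
# Signs the CSR with the CA key. "$CA_NAME.key" is the CA's private key, so
# keep it readable only by the account that performs the signing.
openssl ca \
  -in "$SERVER_NAME_JKS.csr" \
  -out "$SERVER_NAME_JKS.crt" \
  -cert "$CA_NAME.crt" \
  -keyfile "$CA_NAME.key" \
  -notext \
  -config openssl.cnf

# To issue a V3 certificate, or one bound to an IP address, first edit the
# openssl configuration file openssl.cnf:
#
#   [ v3_req ]
#   # Extensions to add to a certificate request
#   basicConstraints = CA:TRUE
#   subjectAltName = @alt_names
#
#   [alt_names]
#   IP.1 = 59.56.XX.XX
#
# NOTE(review): basicConstraints = CA:TRUE marks the issued certificate as a
# CA. For a server (end-entity) certificate the usual value is CA:FALSE;
# with CA:TRUE, whoever holds the server's private key can issue further
# certificates that chain to this CA. Confirm CA:TRUE is really intended.
#
# Then sign with this command in place of the plain `openssl ca` call above:
#
#   openssl ca -in "$SERVER_NAME_JKS.csr" -out "$SERVER_NAME_JKS.crt" \
#     -cert "$CA_NAME.crt" -keyfile "$CA_NAME.key" \
#     -extensions v3_req -notext -config openssl.cnf

echo "########import ca cert to jks"
# The CA certificate goes in first so that the server certificate reply can be
# chained to it on import.
keytool -importcert -v -trustcacerts \
  -alias "$CA_NAME" \
  -file "$CA_NAME.crt" \
  -storepass:env KEYSTORE_PASS \
  -keystore "$SERVER_NAME_JKS.jks"

echo "########import server cert to jks"
# Same alias as the key pair, so the signed certificate replaces the
# self-signed one generated by -genkeypair.
keytool -importcert -v \
  -alias "$SERVER_NAME_JKS" \
  -file "$SERVER_NAME_JKS.crt" \
  -storepass:env KEYSTORE_PASS \
  -keystore "$SERVER_NAME_JKS.jks"

echo "########view jks"
# No -storepass here, so keytool prompts for the keystore password.
keytool -list -v -keystore "$SERVER_NAME_JKS.jks"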