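#!/bin/bash
# Interactive helper: generate a client private key and CSR, sign the CSR
# with the local CA under /etc/pki/CA, and copy the issued certificate into
# the current directory under a name that carries the CA serial number.
#
# Requires: openssl in PATH, a populated /etc/pki/CA (serial file and
# newcerts/), and the CA configuration at /etc/pki/tls/openssl.cnf. The
# signing step needs read access to the CA key, so this normally runs as
# root or as the CA operator.
set -euo pipefail

# Print a message to stderr and stop; every step whose failure would leave
# a half-made key/certificate pair behind goes through this.
die() { printf '%s\n' "$*" >&2; exit 1; }

command -v openssl >/dev/null || die "openssl not found in PATH"

CURRENT_DIR="$(pwd)"
readonly CURRENT_DIR

# The serial is read before anything is generated so that a missing or
# empty serial file fails here instead of at the final `cp`.
[[ -r /etc/pki/CA/serial ]] || die "cannot read /etc/pki/CA/serial"
IFS= read -r CURRENT_SERIAL < /etc/pki/CA/serial || true
[[ -n "${CURRENT_SERIAL}" ]] || die "/etc/pki/CA/serial is empty"
readonly CURRENT_SERIAL

echo -n "请输入客户端名称(通常选取你名称的拼音或者你的IP): "
# -r keeps backslashes literal; a pinyin name or an IP never needs escapes.
IFS= read -r client_name
# The name is spliced into three file names, so restrict it to a safe set:
# no path separators, no leading '-', no whitespace, never empty.
[[ -n "${client_name}" ]] || die "client name must not be empty"
[[ "${client_name}" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] \
  || die "client name may only contain letters, digits, '.', '_' and '-', and must start with a letter or digit"

PRIVATE_KEY_NAME="${client_name}_private_key.pem"
REQ_NAME="${client_name}_req.csr"
CERT_NAME="${client_name}_cert_${CURRENT_SERIAL}.crt"
readonly PRIVATE_KEY_NAME REQ_NAME CERT_NAME

# Never overwrite an existing private key: regenerating it would silently
# orphan a certificate that may already be deployed.
if [[ -e "${PRIVATE_KEY_NAME}" ]]; then
  die "${PRIVATE_KEY_NAME} already exists in ${CURRENT_DIR}; move it away before re-running"
fi

echo -e "客户端名称:${client_name} 开始制作证书... \n"
echo "生成客户端私钥中..."
# The key file must not be group/world readable. umask applies to the file
# openssl creates, and the subshell keeps the tighter mask from leaking into
# later steps. The key size is explicit so it does not depend on the
# installed OpenSSL's default.
( umask 077 && openssl genrsa -out ./"${PRIVATE_KEY_NAME}" 2048 ) \
  || die "private key generation failed"
echo -e "客户端私钥已生成,保存在${CURRENT_DIR}/${PRIVATE_KEY_NAME} \n"

echo "请按照以下模板生成客户端请求文件"
echo -e "Country Name (2 letter code) [AU]:\033[31m CN \033[0m"
echo -e "State or Province Name (full name) [Some-State]:\033[31m SH \033[0m"
echo -e "Locality Name (eg, city) []:\033[31m SH \033[0m"
echo -e "Organization Name (eg, company) [Internet Widgits Pty Ltd]:\033[31m CHAINTOR \033[0m"
echo -e "Organizational Unit Name (eg, section) []:\033[31m IT \033[0m"
echo -e "Common Name (e.g. server FQDN or YOUR name) []:\033[31m ${client_name} \033[0m"
echo -e "Email Address []:\033[31m 选填,可直接回车 \033[0m \n"
echo -e "A challenge password []:\033[31m 不需要密码,直接回车 \033[0m"
echo -e "An optional company name []:\033[31m 客户端可选名称,选填,可直接回车 \033[0m \n"
openssl req -new -key "${PRIVATE_KEY_NAME}" -out "${REQ_NAME}" \
  || die "certificate request generation failed"
echo -e "客户端请求文件已生成,保存在${CURRENT_DIR}/${REQ_NAME} \n"

echo "给客户端签名中..."
openssl ca -in "${REQ_NAME}" -config /etc/pki/tls/openssl.cnf \
  || die "signing with the CA failed"
# `openssl ca` is interactive; an operator who declines to sign or commit
# may still leave a zero status, so verify the certificate really exists
# under the serial we read before reporting success.
ISSUED_CERT="/etc/pki/CA/newcerts/${CURRENT_SERIAL}.pem"
[[ -f "${ISSUED_CERT}" ]] || die "expected certificate ${ISSUED_CERT} was not created"
echo -e "客户端证书已签名,当前证书序号为${CURRENT_SERIAL},证书默认保存在/etc/pki/CA/newcerts/${CURRENT_SERIAL}.pem,正在迁移到当前目录 \n"
cp -- "${ISSUED_CERT}" ./"${CERT_NAME}" || die "copying the certificate failed"
echo -e "证书已迁移,保存在${CURRENT_DIR}/${CERT_NAME} \n"
echo "制作完成,请拷贝私钥和证书文件到你的本地开始使用~~"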