最近在调试Ingress需要使用多份证书，对证书的生成和使用做了简单的整理。

不用翻垃圾桶一条过

#!/bin/sh
output_dir="/opt/suops/k8s/ingress-files/certs/fanht-create-ssl/"

 
read -p "Enter your domain [www.example.com]: " DOMAIN
 
echo "Create server key..."
 
openssl genrsa -des3 -out $DOMAIN.key 1024
 
echo "Create server certificate signing request..."
 
SUBJECT="/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=$DOMAIN"
 
openssl req -new -subj $SUBJECT -key $DOMAIN.key -out $DOMAIN.csr
 
echo "Remove password..."
 
mv $DOMAIN.key $DOMAIN.origin.key
openssl rsa -in $DOMAIN.origin.key -out $DOMAIN.key
 
echo "Sign SSL certificate..."
 
openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crt

echo "    ssl_certificate     ${output_dir}/$DOMAIN.crt;"
echo "    ssl_certificate_key ${output_dir}/$DOMAIN.key;"
echo "    ssl_protocols   TLSv1 TLSv1.1 TLSv1.2"
echo "    ssl_ciphers     HIGH:!aNULL:!MD5"
 

 执行脚本需要输入密码四次即可

123456