CA 構築用のシェルスクリプトを書いたけどエラー
('A`)
#!/bin/sh # DIR=/usr/local/etc/ssl CADIR=$DIR/demoCA CACONFIG="-config $DIR/openssl.cnf" CONFIG="server.cnf" DAYS="-days 3650" for i do case $i in -\?|-h|-help) echo "usage: CA -newca|-newcrt" >&2 exit 0 ;; -newca) mkdir -p $DIR cp /etc/ssl/openssl.cnf $DIR/openssl.cnf.in sed -e 's/365/3650/' \ -e 's/1024/2048/' \ -e 's/AU/JP/' \ -e 's/policy = policy_match/policy = policy_anything/' \ -e 's/stateOrProvinceName_default/#stateOrProvinceName_default/' \ -e 's/Internet Widgits Pty Ltd/Cocelo Style/' \ -e 's/#organizationalUnitName_default =/organizationalUnitName_default = Private CA/' \ -e 's/nsComment/# nsComment/' \ $DIR/openssl.cnf.in > $DIR/openssl.cnf rm $DIR/openssl.cnf.in mkdir $CADIR mkdir $CADIR/certs mkdir $CADIR/crl mkdir $CADIR/newcerts mkdir $CADIR/private chmod 700 $CADIR/private echo "01" > $CADIR/serial touch $CADIR/index.txt openssl req -new -x509 -batch \ $CACONFIG \ -newkey rsa \ $DAYS \ -keyout $CADIR/private/cakey.pem \ -out $CADIR/cacert.pem chmod 600 $CADIR/private/cakey.pem openssl ca $CACONFIG -gencrl -out $CADIR/cacrl.pem ln -s $CADIR/cacert.pem $CADIR/newcerts/`openssl x509 -noout -hash < $CADIR/cacert.pem`.0 ln -s $CADIR/cacrl.pem $CADIR/crl/`openssl crl -noout -hash < $CADIR/cacrl.pem`.r0 openssl x509 -text -noout -in $CADIR/cacert.pem RET=$? ;; -newcrt) dd if=/dev/urandom of=/tmp/ssl.rand count=1 openssl req -new -newkey -nodes -sha1 \ -config $DIR/$2/$CONFIG \ -keyform PEM \ -keyout $DIR/$2/server.key \ -outform PEM \ -out $DIR/$2/server.csr openssl rsa -in $DIR/$2/server.key \ -out $DIR/$2/server.key chmod 600 $DIR/$2/server.key openssl gendh -rand /tmp/ssl.rand 512 > $DIR/$2/server.dh chmod 600 $DIR/$2/server.dh rm -f /tmp/ssl.rand openssl ca $CACONFIG \ -in $DIR/$2/server.csr \ -out $DIR/$2/server.crt openssl x509 -text -noout -in $DIR/$2/server.crt RET=$? ;; *) echo "Unknown arg $i"; exit 1 ;; esac done exit $RET