openssl生成p7b

#!/bin/sh
#================================生成CA===============================
#生成ca和私鑰
openssl genrsa -aes256 -passout pass:****** -out ca.key 2048
#openssl rsa -in ca.key -pubout -out ca_pub.key
#生成ca證書請求and自簽名
openssl req -new -x509 -sha256 -days 90 -key ./ca.key -out ./ca.crt
#error while loading serial number
echo "01" > /etc/pki/CA/serial
#=============================生成證書==================================+
#openssl req -x509 -sha256 -nodes -days 90 -newkey rsa:2048 -keyout self.key -out self.crt -subj /CN=*.abc.com
openssl genrsa -aes256 -passout pass:****** -out server.key 2048
#生成證書請求文件
openssl req -sha256 -new -days 90 -key ./server.key  -out ./server.csr
#對證書籤名
openssl ca -md sha256 -days 90 -key ****** -keyfile ./ca.key -cert ./ca.crt -in ./server.csr -out ./server.crt
#failed to update database TXT_DB error number 2
vi  /etc/pki/CA/index.txt.attr #將unique_subject = yes 改爲 no
#查看證書
openssl x509 -in ./servercert.pem  -text -noout
#生成pfx(windows證書格式)
openssl pkcs12 -export -out server.pfx -inkey ./server.key -in ./server.crt
#生成p7b證書鏈
openssl crl2pkcs7 -certfile ./ca.crt -certfile ./server.crt -outform DER -out server.p7b -nocrl