为了测试openssl性能,需要生成大量的key,一个个生成是不现实的,综合网上教程,用下面脚本gen_key
其中CA是提前生成好的。
脚本gen_key
#!/bin/bash +x
start=10000
for((i=$start;i<$1+$start;i++));
do
echo generate for $(expr $i - $start + 1);
servername=$i.cloudqa.art;
# openssl genrsa -out $i.cloudqa.art.key 4096;
openssl req -nodes -newkey rsa:4096 -keyout $servername.key -out $servername.csr -subj "/C=CN/ST=BJ/L=Beijing/O=ksyun/OU=QA/CN=$servername";
openssl x509 -req -days 3650 -in $servername.csr -CA test4.crt -CAkey test4.key -CAcreateserial -out $servername.crt;
done
执行脚本
# ./gen_key 3
generate for 1
Generating a 4096 bit RSA private key
..........................................++
..................++
writing new private key to '10000.cloudqa.art.key'
-----
Signature ok
subject=/C=CN/ST=BJ/L=Beijing/O=ksyun/OU=QA/CN=10000.cloudqa.art
Getting CA Private Key
generate for 2
Generating a 4096 bit RSA private key
........++
..............................................................++
writing new private key to '10001.cloudqa.art.key'
-----
Signature ok
subject=/C=CN/ST=BJ/L=Beijing/O=ksyun/OU=QA/CN=10001.cloudqa.art
Getting CA Private Key
generate for 3
Generating a 4096 bit RSA private key
......................................++
.....................................................++
writing new private key to '10002.cloudqa.art.key'
-----
Signature ok
subject=/C=CN/ST=BJ/L=Beijing/O=ksyun/OU=QA/CN=10002.cloudqa.art
Getting CA Private Key
查看结果
[root@shpbs01-cp-netproxy090078 keys]# ls -1 1000*
10000.cloudqa.art.crt
10000.cloudqa.art.csr
10000.cloudqa.art.key
10001.cloudqa.art.crt
10001.cloudqa.art.csr
10001.cloudqa.art.key
10002.cloudqa.art.crt
10002.cloudqa.art.csr
10002.cloudqa.art.key