OpenSSL self signed certificate issuance script -- the road to building a dream

#!/bin/bash
#openssl Generate self signed certificate script 

read -p " Please enter your organization ：" organization
read -p " Please enter your domain name ：" FQ

# Generate CA Certificate private key ca.key
openssl genrsa -out ca.key 4096

# according to ca Certificate private key generation CA certificate ca.crt
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Beijing/L=Beijing/O=${organization}/OU=${organization}/CN=${FQ}" \
-key ca.key \
-out ca.crt

# Generate server private key  yourdomain.com.key
openssl genrsa -out ${FQ}.key 4096

# Generate the certificate signature request CSR yourdomain.com.csr
openssl req  -sha512 -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=${organization}/OU=${organization}/CN=${FQ}" \
-key ${FQ}.key \
-out ${FQ}.csr

# Generate x509 v3 Extension files 
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=${FQ}
DNS.2=${organization}
EOF

# Use this v3.ext File generation certificate  yourdomain.com.crt
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in ${FQ}.csr \
-out ${FQ}.crt

# Instructions 
echo "a.  Will server certificate ${FQ}.crt And the key ${FQ}.key Copied to the cert or ssl Under the table of contents "
mkdir -p /data/cert
cp ${FQ}.crt /data/cert/
cp ${FQ}.key /data/cert/
echo "b.  Will server certificate ${FQ}.crt The encoding format is converted to ${FQ}.cert, Provide to Docker Use "
openssl x509 -inform PEM -in ${FQ}.crt -out ${FQ}.cert
echo "c.  Will server certificate 、 Key and CA File copy to Harbor Host computer Docker certificate In the folder "
#  Create certificate folder 
mkdir -p /etc/docker/certs.d/${FQ}
#  Copy server certificate 
cp ${FQ}.cert /etc/docker/certs.d/${FQ}/
#  Copy the server private key 
cp ${FQ}.key /etc/docker/certs.d/${FQ}/
#  Copy the self signed certification authority ca certificate 
cp ca.crt /etc/docker/certs.d/${FQ}/

systemctl restart docker