OpenSSL自签名证书

根证书

# 生成根证书私钥
openssl genrsa -out ca.key 4096
# 签发根证书,有效期100年
openssl req -new -x509 -key ca.key -out ca.crt -days 36500

配置文件

新建ssl.conf 文件

[req]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions  = req_ext

[req_distinguished_name]
countryName                 = Country Name (2 letter code)
countryName_default         = CN
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = JiangSu
localityName                = Locality Name (eg, city)
localityName_default        = NanJing
organizationName            = Organization Name (eg, company)
organizationName_default    = trycatch.xyz
commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_max              = 64
commonName_default          = trycatch.xyz

[req_ext]
subjectAltName = @alt_names

[alt_names]
IP.1   = 192.168.0.1
IP.2   = 192.168.0.2
IP.3   = 192.168.0.253
DNS.1   = trycatch.xyz
DNS.2   = *.trycatch.xyz
DNS.3   = *.baidu.com

网站证书

# 生成网站私钥
openssl genrsa -out private.key 4096
# 使用网站私钥生成证书请求文件
openssl req -new -out private.csr -key private.key -config ssl.conf 
# 签发证书,有效期100年
openssl x509 -req -days 36500 -in private.csr  -out private.crt  -CA ca.crt -CAkey ca.key  -extfile ssl.conf  -extensions req_ext  -CAcreateserial

Leave a Comment

Back to Top