根证书
# 生成根证书私钥
openssl genrsa -out ca.key 4096
# 签发根证书,有效期100年
openssl req -new -x509 -key ca.key -out ca.crt -days 36500配置文件
新建ssl.conf 文件
[req]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = CN
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = JiangSu
localityName = Locality Name (eg, city)
localityName_default = NanJing
organizationName = Organization Name (eg, company)
organizationName_default = trycatch.xyz
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
commonName_default = trycatch.xyz
[req_ext]
subjectAltName = @alt_names
[alt_names]
IP.1 = 192.168.0.1
IP.2 = 192.168.0.2
IP.3 = 192.168.0.253
DNS.1 = trycatch.xyz
DNS.2 = *.trycatch.xyz
DNS.3 = *.baidu.com网站证书
# 生成网站私钥
openssl genrsa -out private.key 4096
# 使用网站私钥生成证书请求文件
openssl req -new -out private.csr -key private.key -config ssl.conf
# 签发证书,有效期100年
openssl x509 -req -days 36500 -in private.csr -out private.crt -CA ca.crt -CAkey ca.key -extfile ssl.conf -extensions req_ext -CAcreateserial