openssl生成自签名证书

windows下安装openssl并生成自签名证书的命令如下：

需要注意的是：

1. 每一级的证书中，证书的公司名称等尽量不要一样

2. 根证书生成后，2级三级证书生成前，最好重新设置demoCA目录下的serial和index.txt文件中的内容。否则，极容易发生错误。

   openssl genrsa -des3 -out keys/RootCA.key 2048
   openssl req -new -x509 -days 3650 -key keys/RootCA.key -out keys/RootCA.crt

   openssl genrsa -des3 -out keys/secondCA.key 2048
   openssl rsa -in keys/secondCA.key -out keys/secondCA.key
   openssl req -new -days 3650 -key keys/secondCA.key -out keys/secondCA.csr
   openssl ca -extensions v3_ca -in keys/secondCA.csr -config ./cnf/openssl.cnf -days 3650 -out keys/secondCA.crt -cert keys/RootCA.crt -keyfile keys/RootCA.key

   openssl genrsa -des3 -out keys/thirdCA.key 2048
   openssl rsa -in keys/thirdCA.key -out keys/thirdCA.key
   openssl req -new -days 3650 -key keys/thirdCA.key -out keys/thirdCA.csr
   openssl ca -extensions v3_ca -in keys/thirdCA.csr -config ./cnf/openssl.cnf -days 3650 -out keys/thirdCA.crt -cert keys/secondCA.crt -keyfile keys/secondCA.key

   openssl genrsa -des3 -out keys/server.key 2048
   openssl rsa -in keys/server.key -out keys/server.key
   openssl req -new -days 3650 -key keys/server.key -out keys/server.csr
   openssl ca -in keys/server.csr -config ./cnf/openssl.cnf -days 3650 -out keys/server.crt -cert keys/thirdCA.crt -keyfile keys/thirdCA.key