步骤
#创建两个文件 cn.cnf和server.cnf ,分别插入下面的内容
bash
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[ req_distinguished_name ]
countryName = CN
stateOrProvinceName = BeiJing
localityName = BeiJing
organizationName = WeiOrg
organizationalUnitName = WeiUnit
commonName = localhost
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = localhost
DNS.2 = example.com #配置域名的写法
IP.1 = 127.0.0.1
IP.2 = 192.168.110.9 #配置ip写法分别执行下面的命令
bash
openssl genpkey -algorithm RSA -out ca.key -pkeyopt rsa_keygen_bits:4096
openssl req -x509 -new -key ca.key -out ca.crt -days 3650 -config ca.cnf
openssl genpkey -algorithm RSA -out server.key -pkeyopt rsa_keygen_bits:4096
openssl req -new -key server.key -out server.csr -config server.cnf
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365 -extfile server.cnf -extensions req_ext安装证书过程
待后续...