安装 openssl
sudo apt install openssl
生成 SSL 证书
生成私钥 (Private Key)
openssl genrsa -out private.key 2048
在当前目录生成 private.key
生成证书签名请求 (CSR - Certificate Signing Request)
openssl req -new -key private.key -out certificate.csr -subj "/C=US/ST=California/L=San Francisco/O=My Company/OU=IT Department/CN=proxy.com"
在当前目录生成 certificate.csr
创建配置文件
sudo vim config.ext
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:TRUE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign
subjectAltName = DNS:proxy.com, DNS:www.proxy.com, IP:192.168.5.116
issuerAltName = issuer:copy生成自签名证书 (Self-signed Certificate)
openssl x509 -req -days 365 -in certificate.csr -signkey private.key -out certificate.crt -extfile config.ext
在当前目录生成 certificate.crt
-days 365 参数表示证书的有效期为 365 天,可以根据需要调整。
验证:
验证证书信息
openssl x509 -in certificate.crt -noout -text
