准备目录
mkdir -p /home/wanmagroup/rte/nginx/createSSL
cd /home/wanmagroup/rte/nginx/createSSL生成 OpenSSL 配置文件
创建文件touch openssl-ip.cnf:
vi openssl-ip.cnf内容:
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn
req_extensions = req_ext
[ dn ]
C = CN
ST = Internal
L = Internal
O = WanmaGroup
OU = IT
CN = 10.9.4.65
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
IP.1 = 10.9.4.65生成私钥
openssl genrsa -out server.key 2048生成 CSR
openssl req -new \
-key server.key \
-out server.csr \
-config openssl-ip.cnf生成自签名证书
openssl x509 -req \
-in server.csr \
-signkey server.key \
-out server.crt \
-days 825 \
-extensions req_ext \
-extfile openssl-ip.cnf验证证书是否真的包含 IP
openssl x509 -in server.crt -noout -text | grep -A2 "Subject Alternative Name"Nginx 使用该证书
ssl_certificate /home/wanmagroup/rte/nginx/createSSL/server.crt;
ssl_certificate_key /home/wanmagroup/rte/nginx/createSSL/server.key;