
使用openssl生成自簽名證書為伺服器證書簽名

自簽名證書生成

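# Generate the CA private key ca.key (2048-bit RSA).
# The key is written unencrypted: anyone who can read it can issue
# certificates that every client trusting ca.crt will accept. Restrict it
# to its owner, or add -aes256 to genrsa to store it passphrase-protected.
openssl genrsa -out ca.key 2048
chmod 600 ca.key
# Create the self-signed CA certificate ca.crt, valid for 365 days
# (prompts for the subject fields).
# -sha256 pins the signature digest instead of relying on the build default.
openssl req -new -x509 -sha256 -days 365 -key ca.key -out ca.crt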

使用自簽名證書簽名伺服器證書

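# Generate the server private key server.key (written unencrypted so the
# server can start unattended; keep it readable by its owner only).
openssl genrsa -out server.key 2048
chmod 600 server.key
# Create the certificate signing request server.csr (prompts for the subject).
openssl req -new -key server.key -out server.csr
# Issue server.crt from the CSR, signed with the CA key, valid for 365 days.
# -CAcreateserial replaces the fixed "-set_serial 01": a CA must not issue two
# certificates with the same serial number, and re-running this command with a
# hard-coded serial does exactly that (some clients reject the reused serial).
# NOTE: no extension file is given here, so the certificate carries no
# subjectAltName; clients that match host names against SAN only will not
# accept it. Use the -extfile variant of this command for a usable server cert.
openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt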

驗證證書有效性

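# Check that server.crt really chains to the CA: validates the signature and
# validity period against ca.crt and prints "server.crt: OK" on success.
openssl verify -CAfile ca.crt server.crt
# Print the certificate fields (subject, issuer, validity, serial, extensions)
# for inspection. This only displays the certificate; it validates nothing.
openssl x509 -text -noout -in server.crt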
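# OpenSSL configuration for the server certificate; presumably saved as
# server.conf, the name passed to -extfile in the signing command.
# The [req] and [req_distinguished_name] sections are read only by
# "openssl req -config server.conf"; "openssl x509 -extfile" uses just the
# extension section selected with -extensions.

[req]
default_bits = 2048
default_keyfile = server.key
distinguished_name = req_distinguished_name
# The private key is written without a passphrase; protect the file with
# file-system permissions.
encrypt_key = no
default_md = sha256
# Extensions placed in the CSR when it is created with this file.
req_extensions = req_ext

[req_distinguished_name]
# Each subject field needs a prompt entry (name = prompt text). A section that
# holds only *_default / *_max lines defines no fields, and "openssl req" then
# stops because no objects are specified.
commonName = Common Name (server FQDN)
commonName_default = www.xxx.com
commonName_max = 64
organizationName = Organization Name
organizationName_default = xxx Co.,Ltd.
organizationalUnitName = Organizational Unit Name
organizationalUnitName_default = IT Support Dept
localityName = Locality Name
localityName_default = City
stateOrProvinceName = State or Province Name
stateOrProvinceName_default = Province
countryName = Country Name (2 letter code)
countryName_default = CN

[req_ext]
# Mark the certificate as an end-entity (not a CA) and limit it to TLS server
# use, so a leaked server key cannot be used to sign further certificates.
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
# Placeholders: list every host name and IP address clients will connect to.
# IP.1 must be a literal address; the placeholder below is not one and
# openssl will refuse it once this section is actually applied.
DNS.1 = www.xxx.com
IP.1 = xxx.xxx.xxx.xxx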
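# Issue server.crt with the extensions defined in server.conf.
# -extensions req_ext is required: with -extfile alone, openssl x509 reads
# extensions only from the file's unnamed default section (or from the section
# named by an "extensions" key there). server.conf has neither, so [req_ext]
# and its subjectAltName would be silently left out of the certificate.
# -CAcreateserial replaces the fixed "-set_serial 01" so that re-issuing does
# not produce a second certificate with the same serial number from this CA.
openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt -CAkey ca.key -extfile server.conf -extensions req_ext -CAcreateserial -out server.crt
# Confirm the subjectAltName entries actually made it into the certificate.
openssl x509 -noout -text -in server.crt | grep -A1 "Subject Alternative Name"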
