第一种方式(使用命令)
生成私钥
openssl genrsa -out server.key 1024使用私钥生成自签名的cert证书文件,以下是通过参数只定证书需要的信息
openssl req -new -x509 -days 3650 -key server.key -out server.crt -subj "/C=CN/ST=Shanghai/L=Shanghai/O=JY/OU=JY/CN=test.domain.com/emailAddress=test@email.com"C = GB 国家
ST = Test State or Province 省
L = Test Locality 市
O = Organization Name 组织机构名
OU = Organizational Unit Name 组织单位名
CN = Common Name 域名
emailAddress = test@email.address 邮箱参考链接:https://www.openssl.org/docs/man1.0.2/man1/openssl-req.html
第二种方式(交互)
通过openssl生成私钥
openssl genrsa -out server.key 1024根据私钥生成证书申请文件csr
openssl req -new -key server.key -out server.csr根据命令行向导来进行信息输入
ps.Common Name可以输入:*.yourdomain.com,这种方式生成通配符域名证书
使用私钥对证书申请进行签名从而生成证书
openssl x509 -req -in server.csr -out server.crt -signkey server.key -days 3650第三种方式
openssl req -new -x509 -keyout server.key -out server.crt -config openssl.cnfopenssl.cnf
[ req ]
default_bits = 2048
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = mypass
[ req_distinguished_name ]
C = GB
ST = Test State or Province
L = Test Locality
O = Organization Name
OU = Organizational Unit Name
CN = Common Name
emailAddress = test@email.address
[ req_attributes ]
challengePassword = A challenge password
