
生成自签名SSL证书

作者: 二三10111 | 来源:发表于2017-09-20 14:00 被阅读0次

    下载执行文件

    本文操作平台windows,安装 TortoiseGit后,在其 git bash中执行 openssl。

    0x1 ca 根证书,生成 ca.crt

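    # ca.pem is the CA private key and is written unencrypted: keep it out of
    # version control and restrict who can read it.
    # Choose ONE key type. Both commands write ca.pem, so running both keeps
    # only the key produced by the second one.
    # RSA alternative:
    #   openssl genrsa -out ca.pem 2048
    openssl ecparam -genkey -name secp384r1 -out ca.pem
    # Self-sign the CA certificate (valid for 3650 days) with the key above.
    # -key supplies the existing key, so -new is enough and no -newkey is needed.
    # -sha256 pins the signature digest instead of relying on the build's default.
    openssl req -config conf/ca.cnf -new -x509 -sha256 -days 3650 -key ca.pem -out ca.crt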
    
    conf/ca.cnf
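    # conf/ca.cnf - read by "openssl req -x509" to build the self-signed CA certificate.
    [req]
    # req_extensions is for certificate requests (CSRs).
    req_extensions = v3_req
    # x509_extensions names the section added to the certificate written by "req -x509".
    x509_extensions = v3_ca
    distinguished_name = req_distinguished_name
    # Take the subject from this file instead of asking interactively.
    prompt = no

    [req_distinguished_name]
    countryName = CN
    stateOrProvinceName = Beijing
    localityName = Beijing
    postalCode = 100022
    streetAddress = GuoMaoSanQi
    organizationName = apfelboymschule
    organizationalUnitName = Support_CA
    emailAddress = http.bj@qq.com
    0.commonName = localhost

    [v3_req]
    keyUsage = keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth

    [v3_ca]
    # Mark the certificate as a CA and limit its key to signing certificates and CRLs.
    basicConstraints = critical, CA:TRUE
    keyUsage = critical, keyCertSign, cRLSign
    subjectKeyIdentifier = hash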
    

    0x2 server 服务端生成 server.key,server.crt (添加了extfile.cnf)

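    # server.key is the server private key and is written unencrypted; restrict
    # read access to the account that runs the server.
    # Choose ONE key type. Both commands write server.key, so running both keeps
    # only the key produced by the second one.
    # RSA alternative:
    #   openssl genrsa -out server.key 2048
    openssl ecparam -genkey -name secp384r1 -out server.key
    # Build the certificate request (CSR) for the server key.
    openssl req -config conf/server.cnf -new -key server.key -out server_reqout.txt
    # Sign the CSR with the CA key. SHA-256 is used because current TLS clients
    # reject certificates signed with SHA-1.
    # "x509 -req" does not copy extensions from the CSR by default, so server.crt
    # carries only the extensions defined in conf/extfile.cnf.
    openssl x509 -req -in server_reqout.txt -days 3650 -sha256 -CAcreateserial -CA ca.crt -CAkey ca.pem -out server.crt -extfile conf/extfile.cnf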
    
    conf/extfile.cnf
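    # conf/extfile.cnf - extensions written into server.crt by "openssl x509 -req -extfile".
    # Host names and addresses the certificate is valid for.
    subjectAltName = @alt_names
    # The v3_req section of the CSR is not carried over by "x509 -req", so the
    # usage limits for the server certificate are set here.
    basicConstraints = CA:FALSE
    # digitalSignature covers (EC)DHE key exchange, keyEncipherment covers RSA key transport.
    keyUsage = digitalSignature, keyEncipherment
    extendedKeyUsage = serverAuth

    [alt_names]
    DNS.1 = localhost
    IP.1 = 127.0.0.1
    IP.2 = 192.168.10.51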
    
    conf/server.cnf
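    # conf/server.cnf - read by "openssl req -new" to build the server certificate request.
    [req]
    # Extensions placed in the request. They reach the certificate only if the
    # signing step copies them or defines the same values itself.
    req_extensions = v3_req
    distinguished_name = req_distinguished_name
    # Take the subject from this file instead of asking interactively.
    prompt = no

    [req_distinguished_name]
    countryName = CN
    stateOrProvinceName = Beijing
    localityName = Beijing
    postalCode = 100022
    streetAddress = GuoMaoSanQi
    organizationName = apfelboymschule
    organizationalUnitName = Support_Server
    emailAddress = http.bj@qq.com
    0.commonName = localhost

    [v3_req]
    # A TLS server key signs the handshake, so digitalSignature is required;
    # keyEncipherment is kept for RSA key transport. dataEncipherment is not used by TLS.
    keyUsage = digitalSignature, keyEncipherment
    extendedKeyUsage = serverAuth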
    

    0x3 client 客户端生成 client.key,client.crt

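    # client.key is the client private key and is written unencrypted; restrict
    # read access to the user that presents the certificate.
    # Choose ONE key type. Both commands write client.key, so running both keeps
    # only the key produced by the second one.
    # RSA alternative:
    #   openssl genrsa -out client.key 2048
    openssl ecparam -genkey -name secp384r1 -out client.key
    # Build the certificate request (CSR) for the client key.
    openssl req -config conf/client.cnf -new -key client.key -out client_reqout.txt
    # Sign the CSR with the CA key. SHA-256 is used because current TLS peers
    # reject certificates signed with SHA-1.
    # No -extfile is passed and "x509 -req" does not copy CSR extensions by
    # default, so client.crt carries no keyUsage or extendedKeyUsage; the
    # clientAuth setting in conf/client.cnf stays in the request only.
    openssl x509 -req -in client_reqout.txt -days 3650 -sha256 -CAcreateserial -CA ca.crt -CAkey ca.pem -out client.crt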
    
    conf/client.cnf
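    # conf/client.cnf - read by "openssl req -new" to build the client certificate request.
    [req]
    # Extensions placed in the request. They reach the certificate only if the
    # signing step copies them or defines the same values itself.
    req_extensions = v3_req
    distinguished_name = req_distinguished_name
    # Take the subject from this file instead of asking interactively.
    prompt = no

    [req_distinguished_name]
    countryName = CN
    stateOrProvinceName = Beijing
    localityName = Beijing
    postalCode = 100022
    streetAddress = GuoMaoSanQi
    organizationName = apfelboymschule
    # Plain value, no quote characters: the OpenSSL config parser gives quotes a special meaning.
    organizationalUnitName = Support_Client
    emailAddress = http.bj@qq.com
    0.commonName = localhost

    [v3_req]
    # A TLS client proves possession of its key by signing the handshake,
    # so the key usage needed for clientAuth is digitalSignature.
    keyUsage = digitalSignature
    extendedKeyUsage = clientAuth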
    

    以上 ca.cnf、client.cnf、server.cnf 中的内容可以为同一个。在本示例中只是修改了 organizationalUnitName;另外 client.cnf 的 extendedKeyUsage 为 clientAuth,其余两个为 serverAuth。
