新建一个文件夹作为证书导出的位置,切换到这个文件夹内,新建一个cer.cnf配置文件,如下:
# cer.cnf - OpenSSL settings for the server certificate request.
# Read through -config when the request is created and through -extfile when
# the certificate is signed.

[req]
# Section that describes the subject fields.
distinguished_name = req_distinguished_name
# Extension section written into the certificate request.
req_extensions = v3_req

[req_distinguished_name]
# In this section a bare field name holds the prompt text, <field>_default the
# default value and <field>_max the length limit. None of these are consulted
# when the subject is supplied with -subj on the command line.
countryName = ZH
countryName_default = CN
stateOrProvinceName = ZheJiang
stateOrProvinceName_default = ZheJiang
localityName = HuZhou
localityName_default = WuKang
organizationalUnitName = public section
organizationalUnitName_default = Domain Control Validated
commonName = Future Machine Research Institute
commonName_max = 64

[v3_req]
# Extensions for an end-entity certificate: it may not act as a CA.
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# NOTE(review): no extendedKeyUsage is set; some TLS clients expect serverAuth
# on server certificates - confirm against the clients that will connect.
# The names the certificate is valid for are listed in [alt_names].
subjectAltName = @alt_names

[alt_names]
# Only loopback is listed, so the certificate matches nothing but the local
# machine. Add the real host names / addresses (DNS.2, IP.2, ...) before using
# it anywhere else.
IP.1 = 127.0.0.1
DNS.1 = localhost
根证书:
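# Root CA: private key, certificate request, then a self-signed certificate.
# ca-key.pem is written unencrypted and signs every certificate issued below;
# keep it readable by its owner only.
openssl genrsa -out ca-key.pem 2048
openssl req -new -key ca-key.pem -out ca-csr.pem -subj "/C=CN/ST=ShangHai/L=ShangHai/O=Yunan International Trust Company/OU=Internet Finance/CN=YNTRUST"
# `openssl x509 -req` takes extensions only from an -extfile. With
# -extensions v3_ca alone nothing is added, so the root would carry no
# basicConstraints CA:TRUE and stricter verifiers may refuse it as an issuer.
# The small extension file below (name chosen here) supplies that section.
printf '%s\n' '[v3_ca]' 'basicConstraints = critical, CA:TRUE' 'keyUsage = critical, keyCertSign, cRLSign' > ca-ext.cnf
openssl x509 -req -days 3000 -sha256 -extfile ca-ext.cnf -extensions v3_ca -signkey ca-key.pem -in ca-csr.pem -out ca-cert.pem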
服务器证书:
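# Server certificate: private key, request built from cer.cnf, then signed by
# the root CA.
openssl genrsa -out server-key.pem 2048
# The subject is deliberately different from the root's: a leaf whose subject
# equals its issuer name looks self-issued and can fail chain verification.
# CN=localhost matches DNS.1 in cer.cnf.
openssl req -new -key server-key.pem -config cer.cnf -out server-csr.pem -subj "/C=CN/ST=ShangHai/L=ShangHai/O=Yunan International Trust Company/OU=Internet Finance/CN=localhost"
# `x509 -req` does not copy extensions from the request by default, so v3_req
# (including subjectAltName) is read again from cer.cnf via -extfile.
# NOTE(review): 3000 days is long for a TLS server certificate; some clients
# enforce a much shorter maximum lifetime - confirm against the intended clients.
openssl x509 -req -days 3000 -sha256 -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -in server-csr.pem -out server-cert.pem -extensions v3_req -extfile cer.cnf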