本文主要是介绍OpenSSL自签CA证书签署服务器SSL证书完整流程,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
首先,在 http://slproweb.com/products/Win32OpenSSL.html 上下载已经编译好的OpenSSL库
然后通过如下步骤生成服务器证书:
1、生成根证书私钥:
openssl genrsa -out rootCA.key 4096
2、生成自签名根证书:
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt
3、生成server私钥:
openssl genrsa -out server.key 1024
4、根据subjectAltName.cnf生成server CSR:
openssl req -new -key server.key -out server.csr -config subjectAltName.cnf
5、查看生成的server CSR信息:
openssl req -noout -text -in server.csr
6、rootCA签署server CSR生成server CRT:
openssl x509 -req -days 500 -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -extensions req_ext -extfile subjectAltName.cnf
以下为subjectAltName.cnf文件内容,请根据实际情况对localhost.dev进行替换:
[ req ]
distinguished_name = req_distinguished_name
req_extensions = req_ext[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CN
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = China
localityName = Locality Name (eg, city)
localityName_default = Beijing
organizationName = Organization Name (eg, company)
organizationName_default = localhost.dev
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = localhost.dev
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
commonName_default = localhost.dev[ req_ext ]
subjectAltName = @alt_names[alt_names]
DNS.1 = localhost.dev
DNS.2 = *.localhost.dev
参考资料:
【HTTPS】使用OpenSSL生成带有SubjectAltName的自签名证书
这篇关于OpenSSL自签CA证书签署服务器SSL证书完整流程的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
