search

ourfor / blog

利用GitHub的Issues记录
https://github.com/ourfor/blog/issues
1 stars 0 forks source link

OpenSSL自签根证书 #52

Open ourfor opened 3 years ago

ourfor commented 3 years ago

微软教程 其他

openssl req -x509 -nodes -new -sha256 -days 365 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/OU=ourfor/CN=${USER}/ST=Beijing/C=CN/CN=Kitty Inc CA"
openssl x509 -outform pem -in RootCA.pem -out RootCA.crt

openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=CN/ST=Beijing/L=Beijing/O=Kitty Inc/CN=localhost"
openssl x509 -req -sha256 -days 365 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out localhost.crt

domains.ext

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = fake1.local
DNS.3 = fake2.local
DNS.4 = mb3admin.com
ourfor commented 3 years ago
ourfor commented 2 years ago

合并生成p12文件

openssl pkcs12 -export -in snail.lan.crt -inkey snail.lan.key -certfile RootCA.pem -out snail.lan.p12
ourfor commented 1 year ago 
/etc/ssl/certs/ca-certificates.crt