Openssl自签发SSL证书
作者:互联网
确认系统中是否已安装openssl工具,没有就安装
yum install openssl openssl-devel -y
确认/etc/pki/CA目录下是否有以下文件,没有则自行创建
mkdir -pv /etc/pki/CA/{certs,crl,newcerts,private}
touch /etc/pki/CA/{serial,index.txt}
指定证书编号
cd /etc/pki/CA echo 01 >> serial
生成CA私钥
umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096
根据私钥生成CA证书
openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650
生成服务端证书
生成服务端私钥
创建要给存放服务端证书文件的目录
mkdir ./https && cd ./https openssl genrsa -out https.pem 4096
生成服务端证书请求
# 查看证书信息 openssl x509 -in /etc/pki/CA/cacert.pem -noout -subject # 生成证书请求 openssl req -new -key https.pem -out https.csr -days 365 -subj "/C=cn/ST=beijingshi/L=beijingshi/O=Default Company Ltd/OU=navysummer/CN=navysummer.top/emailAddress=navysummer@yeah.net"
生成服务端证书
openssl ca -in https.csr -out https.crt -days 365
Nginx上添加配置
ssl_certificate https.crt; ssl_certificate_key https.key;
标签:etc,签发,CA,openssl,Openssl,SSL,https,pem,pki 来源: https://www.cnblogs.com/navysummer/p/16536551.html