openssl 证书自签发和私有 CA 证书的签发
openssl证书 自签发
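# Server: self-signed certificate (no CA involved).
# The private key is written unencrypted, so create it under a restrictive
# umask: a newly created server.key is then readable by its owner only.
(umask 077 && openssl genrsa -out server.key 2048)
# -x509 makes `req` emit a self-signed certificate. Without it, `req -new`
# only writes a CSR and -days has no effect.
# NOTE: the subject carries only a CN. TLS clients that require a
# subjectAltName (for example Go 1.15+) will not accept this certificate for
# host-name verification; add a SAN extension before using it that way.
openssl req -new -x509 -days 3650 \
  -subj "/C=GB/L=China/O=gobook/CN=server.io" \
  -key server.key -out server.crt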
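# Client: self-signed certificate (no CA involved).
# The private key is written unencrypted, so create it under a restrictive
# umask: a newly created client.key is then readable by its owner only.
(umask 077 && openssl genrsa -out client.key 2048)
# `req -new -x509` builds the request and self-signs it in one step.
# A self-signed client certificate can only be trusted by pinning this exact
# certificate on the peer; 3650 days is a long lifetime for a leaf, so plan
# how it will be replaced if client.key leaks.
openssl req -new -x509 -days 3650 \
  -subj "/C=GB/L=China/O=gobook/CN=client.io" \
  -key client.key -out client.crt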
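# Issue certificates through a private CA.
# Step 1: create the CA key and its self-signed root certificate.
# Anyone holding ca.key can mint certificates that every peer trusting ca.crt
# will accept. The key is written unencrypted here, so it is created under a
# restrictive umask; for anything beyond a lab, protect it with a passphrase
# (e.g. `openssl genrsa -aes256 ...`) and keep it off the servers.
(umask 077 && openssl genrsa -out ca.key 2048)
# Only ca.crt is distributed to peers as the trust anchor; ca.key stays private.
openssl req -new -x509 -days 3650 \
  -subj "/C=GB/L=China/O=gobook/CN=github.com" \
  -key ca.key -out ca.crt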
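# Server: certificate signed by the private CA.
# Expects server.key, ca.crt and ca.key to exist already in this directory.
# The two steps are chained with && so that a failed CSR step can never lead
# to signing a stale server.csr left over from an earlier run.
# -CAcreateserial creates the serial-number file (ca.srl) on first use.
# NOTE: `x509 -req` does not copy extensions from the CSR by default, so the
# issued certificate has no subjectAltName. Supply one via -extfile when
# clients verify the host name against SAN (for example Go 1.15+).
openssl req -new \
  -subj "/C=GB/L=China/O=gobook/CN=server.io" \
  -key server.key -out server.csr \
  && openssl x509 -req -sha256 \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 3650 -in server.csr -out server.crt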
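# Client: certificate signed by the private CA.
# Expects client.key, ca.crt and ca.key to exist already in this directory.
# The two steps are chained with && so that a failed CSR step can never lead
# to signing a stale client.csr left over from an earlier run.
# The output file is client.crt (the original wrote "client.cr"), which is
# the name the later `openssl verify -CAfile ca.crt client.crt` step checks.
# NOTE: no extensions are set, so nothing limits this certificate to client
# authentication. Add extendedKeyUsage via -extfile if that matters.
openssl req -new \
  -subj "/C=GB/L=China/O=gobook/CN=client.io" \
  -key client.key -out client.csr \
  && openssl x509 -req -sha256 \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 3650 -in client.csr -out client.crt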
对签发的证书进行验证（openssl verify 只检查证书链能否追溯到 ca.crt，不检查主机名或 SAN）
root@localhost:~/ca# openssl verify -CAfile ca.crt client.crt
client.crt: OK
root@localhost:~/ca# openssl verify -CAfile ca.crt server.crt
server.crt: OK