openssl genrsa -des3 -out domain.key 1024
openssl req -new -key domain.key -out domain.csr
openssl req -new -x509 -keyout ca.key -out ca.crt
openssl ca -in domain.csr -out domain.crt -cert ca.crt -keyfile ca.key
openssl ca -in domain.csr -out domain.crt -cert ca.crt -keyfile ca.key -extfile extfile.cnf
echo subjectAltName = IP:127.0.0.1 > extfile.cnf
openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
-out server-cert.pem -extfile extfile.cnf
自己手动创建一个CA目录结构:
[weigw@TEST bin]$ mkdir ./demoCA
[weigw@TEST bin]$ mkdir demoCA/newcerts
创建个空文件:
[weigw@TEST bin]$ vi demoCA/index.txt
向文件中写入01:
[weigw@TEST bin]$ vi demoCA/serial
csr 域名相符