cndavy

导航

 

openssl genrsa -des3 -out domain.key 1024


openssl req -new -key domain.key -out domain.csr


openssl req -new -x509 -keyout ca.key -out ca.crt

openssl ca -in domain.csr -out domain.crt -cert ca.crt -keyfile ca.key

 

openssl ca -in domain.csr -out domain.crt -cert ca.crt -keyfile ca.key  -extfile extfile.cnf

echo subjectAltName = IP:127.0.0.1 > extfile.cnf
openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
   -out server-cert.pem -extfile extfile.cnf

 

自己手动创建一个CA目录结构:
  [weigw@TEST bin]$ mkdir ./demoCA
  [weigw@TEST bin]$ mkdir demoCA/newcerts
  创建个空文件:
  [weigw@TEST bin]$ vi demoCA/index.txt
  向文件中写入01:
  [weigw@TEST bin]$ vi demoCA/serial

 

csr  域名相符

 

posted on 2015-11-27 23:39  cndavy  阅读(328)  评论(2编辑  收藏  举报