Generating a self-signed CA + SSL certificate
1. Create the CA certificate configuration file CA.cnf
```ini
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = root_ca

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CN
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = HuBei
localityName = Locality Name (eg, city)
localityName_default = WuHan
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Development CA
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Development CA
commonName = Common Name (eg, fully qualified host name)
commonName_default = Development CA Certification Authority
commonName_max = 64
emailAddress = Email Address
emailAddress_default = CA@dev.com
emailAddress_max = 64

[ root_ca ]
basicConstraints = critical, CA:true
```
2. Create the SSL certificate configuration file cert.cnf
```ini
[ req ]
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CN
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = HuBei
localityName = Locality Name (eg, city)
localityName_default = WuHan
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Development Server
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Development Server
commonName = Common Name (eg, fully qualified host name)
commonName_default = Development Server Certificate
commonName_max = 64
emailAddress = Email Address
emailAddress_default = server@dev.com
emailAddress_max = 64
```
3. Create cert.ext, the file that describes the SSL certificate's subject names (subjectAltName)
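```ini
subjectAltName = @alt_names
extendedKeyUsage = serverAuth

[alt_names]
DNS.1 = localhost
# An IP literal must be an iPAddress entry (IP.n); clients connecting by IP
# do not match it against DNS.n entries.
IP.1 = 127.0.0.1
```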
4. Create the CA + SSL certificates
```bash
# Generate the CA certificate
openssl req -x509 -newkey rsa:4096 -out CA.cer -outform PEM -keyout CA.pvk -days 3650 -verbose -config CA.cnf -nodes -sha256

# Generate the certificate signing request
openssl req -newkey rsa:4096 -keyout cert.pvk -out cert.req -config cert.cnf -sha256 -nodes

# Generate the certificate, signed by the CA
openssl x509 -req -CA CA.cer -CAkey CA.pvk -in cert.req -out cert.cer -days 3650 -extfile cert.ext -sha256 -set_serial 0x1111
```
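Import the generated CA.cer into the system's Trusted Root Certification Authorities store and configure the cert certificate on the application server; the application server can then be accessed over https.
With subjectAltName configured, Chrome no longer reports the Subject Alternative Name Missing & ERR_SSL_VERSION_OR_CIPHER_MISMATCH errors.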
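Before importing anything into a trust store, it is worth confirming that the issued certificate chains to the CA as a TLS server certificate and that every name clients will use is covered by subjectAltName. The following is an added example, not part of the original post; it assumes the OpenSSL command-line tool, and `check_cert`, `demo_issue` and the throwaway file names are this example's own. It also shows that an IP address written as a `DNS` entry does not satisfy a client's IP match.

```bash
# Added example (not from the original post). Assumes the OpenSSL CLI.
# check_cert CA_FILE CERT_FILE NAME...
# Returns 0 only if CERT_FILE verifies against CA_FILE as a TLS server
# certificate and every NAME (DNS name or IP literal) is covered by its SAN.
check_cert() {
    local ca="$1" cert="$2" name flag rc=0
    shift 2
    openssl verify -CAfile "$ca" -purpose sslserver "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: chain or serverAuth purpose check"; rc=1; }
    for name in "$@"; do
        # Clients match IP literals against iPAddress SAN entries only,
        # and host names against dNSName entries only.
        case $name in
            *:*)       flag=-checkip ;;    # IPv6 literal
            *[!0-9.]*) flag=-checkhost ;;  # has a non-digit: host name
            *)         flag=-checkip ;;    # dotted IPv4 literal
        esac
        if openssl x509 -in "$cert" -noout "$flag" "$name" 2>/dev/null |
            grep -q 'does match'; then
            echo "ok:   $name"
        else
            echo "FAIL: $name is not covered by subjectAltName"; rc=1
        fi
    done
    return "$rc"
}

# demo_issue DIR SAN_VALUE
# Builds a constructed, throwaway CA and leaf in DIR (2048-bit keys, 1 day)
# so check_cert can be tried without touching real key material.
demo_issue() {
    local d="$1" san="$2"
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=root_ca' \
        'prompt=no' '[dn]' 'CN=Throwaway Test CA' \
        '[root_ca]' 'basicConstraints=critical,CA:true' > "$d/ca.cnf"
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' \
        '[dn]' 'CN=Throwaway Test Leaf' > "$d/leaf.cnf"
    printf '%s\n' "subjectAltName=$san" 'extendedKeyUsage=serverAuth' > "$d/leaf.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -config "$d/ca.cnf" -keyout "$d/ca.pvk" -out "$d/ca.cer" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -sha256 -config "$d/leaf.cnf" \
        -keyout "$d/leaf.pvk" -out "$d/leaf.req" 2>/dev/null &&
    openssl x509 -req -CA "$d/ca.cer" -CAkey "$d/ca.pvk" -in "$d/leaf.req" \
        -out "$d/leaf.cer" -days 1 -sha256 -set_serial 0x01 \
        -extfile "$d/leaf.ext" 2>/dev/null
}
```

Against the files produced in step 4, the call is `check_cert CA.cer cert.cer localhost 127.0.0.1`.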