Windows 安装 OpenSSL 生成自签名证书

Windows 安装 OpenSSL

https://slproweb.com/products/Win32OpenSSL.html

Win64 OpenSSL v3.3.2 Light
EXE
MSI 5MB Installer
MSI 蓝奏云

Win64 OpenSSL v3.3.2
EXE
MSI 217MB Installer

Win64 OpenSSL v3.1.2 Light
EXE | MSI

安装完毕,添加到系统变量 Path

C:\Program Files\OpenSSL-Win64\bin

win 键 + R,cmd,打开命令行界面

查看 openssl 版本

C:\Users\ran>openssl version
OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)

比如想要生成的证书,放在 D 盘 cert 文件夹下,先 CD 到目录

C:\Users\ran>D:
D:\>cd D:\cert
D:\cert>

生成密钥,生成自签名证书

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 3650 -subj "/C=CN/CN=ioufev.com" -out cert.crt

🍄 输出的密钥:key.pem
🍄 输出的证书:cert.crt
🍐 证明的信息:/C=CN/CN=ioufev.com

最简单的证明信息要有
💎 C=CN,表示中国
💎 CN=ioufev.com,证书绑定域名:ioufev.com

将密钥和证书合并成一个 pfx 文件,并输入文件保护密码:12345678

openssl pkcs12 -export -in cert.crt -inkey key.pem -out test.pfx -name test

🍄 输入的密钥:key.pem
🍄 输入的证书:cert.crt
🍏 输出的 pfx 证书:test.pfx
🍀 输出证书的名字:test,不加 -name test 的话,默认名字是 1

详细记录

C:\Users\ran>D:

D:\>cd D:\cert

D:\cert>openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 3650 -subj "/C=CN/CN=ioufev.com" -out cert.crt
...................+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+..+......+...+....+.....+.+.....+......+...+.+.....................+...+...+..+......+.+..............+......+.+.........+...+......+..+...+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+...+..+.+...+..+.......+......+......+........+.+..+............+.............+...+......+........+...+....+.....+.+..................+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+...+......+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----

D:\cert>openssl pkcs12 -export -in cert.crt -inkey key.pem -out test.pfx -name test
Enter Export Password:
Verifying - Enter Export Password:

D:\cert>
-----

D:\cert>openssl pkcs12 -export -in cert.crt -inkey key.pem -out test.pfx -name test
Enter Export Password:
Verifying - Enter Export Password:

D:\cert>

动图

posted @ 2022-10-08 15:19  ioufev  阅读(3952)  评论(0编辑  收藏  举报