Applying for a CA certificate
```
# Generate the CA certificate
mkdir -p ca server client   # the output directories must exist first
openssl genrsa -out ca/ca-key.pem 2048
openssl req -new -out ca/ca-req.csr -key ca/ca-key.pem
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:guangdong
Locality Name (eg, city) []:shenzhen
Organization Name (eg, company) [Internet Widgits Pty Ltd]:jxk
Organizational Unit Name (eg, section) []:jxk
Common Name (e.g. server FQDN or YOUR name) []:root
Email Address []:test

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:123456

# Self-sign the CA request with the CA's own key
openssl x509 -req -in ca/ca-req.csr -out ca/ca-cert.pem -signkey ca/ca-key.pem -days 3650
openssl pkcs12 -export -clcerts -in ca/ca-cert.pem -inkey ca/ca-key.pem -out ca/ca.p12

# Generate the server certificate
openssl genrsa -out server/server-key.pem 2048
openssl req -new -out server/server-req.csr -key server/server-key.pem
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:guangdong
Locality Name (eg, city) []:shenzhen
Organization Name (eg, company) [Internet Widgits Pty Ltd]:jxk
Organizational Unit Name (eg, section) []:jxk
Common Name (e.g. server FQDN or YOUR name) []:127.0.0.1
Email Address []:test

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:123456

# Sign with the CA key; -signkey (self-signing) is not combined with -CA
openssl x509 -req -in server/server-req.csr -out server/server-cert.pem -CA ca/ca-cert.pem -CAkey ca/ca-key.pem -CAcreateserial -days 3650
openssl pkcs12 -export -clcerts -in server/server-cert.pem -inkey server/server-key.pem -out server/server.p12

# Generate the client certificate
openssl genrsa -out client/client-key.pem 2048
openssl req -new -out client/client-req.csr -key client/client-key.pem
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:guangdong
Locality Name (eg, city) []:shenzhen
Organization Name (eg, company) [Internet Widgits Pty Ltd]:jxk
Organizational Unit Name (eg, section) []:jxk
Common Name (e.g. server FQDN or YOUR name) []:root
Email Address []:test

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:123456

# Sign with the CA key; -signkey (self-signing) is not combined with -CA
openssl x509 -req -in client/client-req.csr -out client/client-cert.pem -CA ca/ca-cert.pem -CAkey ca/ca-key.pem -CAcreateserial -days 3650
openssl pkcs12 -export -clcerts -in client/client-cert.pem -inkey client/client-key.pem -out client/client.p12
```
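A non-interactive version of the same three-step flow, as an added example that is not part of the original page: it passes the transcript's answers through `-subj`, adds the X.509v3 extensions that the plain `x509 -req` commands leave out (CA `basicConstraints`, a `subjectAltName` of 127.0.0.1 for the server, `serverAuth`/`clientAuth` usage), and verifies both leaf certificates against the CA. The function names, the `ext.cnf` file and its section names are assumptions, and the client Common Name is set to `client` rather than `root` so that the client subject differs from the CA subject.

```shell
# Added example (not from the original page): scripted CA / server / client
# issuance with X.509v3 extensions, followed by a chain verification step.

# Constructed subject prefix mirroring the values typed in the transcript.
DN="/C=cn/ST=guangdong/L=shenzhen/O=jxk/OU=jxk"

build_pki() {   # $1 = output directory
    d=$1
    mkdir -p "$d/ca" "$d/server" "$d/client" || return 1

    # Extension sections; the file and section names are assumptions.
    cat > "$d/ext.cnf" <<'EOF'
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
subjectAltName = IP:127.0.0.1
extendedKeyUsage = serverAuth
[v3_client]
extendedKeyUsage = clientAuth
EOF

    # Self-signed CA certificate: the only place -signkey is used.
    openssl genrsa -out "$d/ca/ca-key.pem" 2048 2>/dev/null &&
    openssl req -new -key "$d/ca/ca-key.pem" -subj "$DN/CN=root" -out "$d/ca/ca-req.csr" &&
    openssl x509 -req -in "$d/ca/ca-req.csr" -signkey "$d/ca/ca-key.pem" \
        -extfile "$d/ext.cnf" -extensions v3_ca -days 3650 \
        -out "$d/ca/ca-cert.pem" 2>/dev/null || return 1

    # Leaf certificates (name:CommonName pairs), each signed by the CA key.
    for leaf in server:127.0.0.1 client:client; do
        n=${leaf%%:*}; cn=${leaf#*:}
        openssl genrsa -out "$d/$n/$n-key.pem" 2048 2>/dev/null &&
        openssl req -new -key "$d/$n/$n-key.pem" -subj "$DN/CN=$cn" -out "$d/$n/$n-req.csr" &&
        openssl x509 -req -in "$d/$n/$n-req.csr" -CA "$d/ca/ca-cert.pem" \
            -CAkey "$d/ca/ca-key.pem" -CAcreateserial -days 3650 \
            -extfile "$d/ext.cnf" -extensions "v3_$n" \
            -out "$d/$n/$n-cert.pem" 2>/dev/null || return 1
    done
}

check_pki() {   # $1 = directory; succeeds only if both leaves chain to the CA
    openssl verify -CAfile "$1/ca/ca-cert.pem" -purpose sslserver \
        -verify_ip 127.0.0.1 "$1/server/server-cert.pem" >/dev/null 2>&1 &&
    openssl verify -CAfile "$1/ca/ca-cert.pem" -purpose sslclient \
        "$1/client/client-cert.pem" >/dev/null 2>&1
}
# Usage: build_pki ./pki && check_pki ./pki && echo "chain verifies"
```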