申请ca证书

# 生成CA证书
openssl genrsa -out ca/ca-key.pem 2048
openssl req -new -out ca/ca-req.csr -key ca/ca-key.pem
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:guangdong
Locality Name (eg, city) []:shenzhen
Organization Name (eg, company) [Internet Widgits Pty Ltd]:jxk
Organizational Unit Name (eg, section) []:jxk
Common Name (e.g. server FQDN or YOUR name) []:root
Email Address []:test

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:123456


openssl x509 -req -in ca/ca-req.csr -out ca/ca-cert.pem -signkey ca/ca-key.pem -days 3650
openssl pkcs12 -export -clcerts -in ca/ca-cert.pem -inkey ca/ca-key.pem -out ca/ca.p12

# 生成server证书
openssl genrsa -out server/server-key.pem 2048
openssl req -new -out server/server-req.csr -key server/server-key.pem

-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:guangdong
Locality Name (eg, city) []:shenzhen
Organization Name (eg, company) [Internet Widgits Pty Ltd]:jxk
Organizational Unit Name (eg, section) []:jxk
Common Name (e.g. server FQDN or YOUR name) []:127.0.0.1
Email Address []:test

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:123456

 

openssl x509 -req -in server/server-req.csr -out server/server-cert.pem -signkey server/server-key.pem -CA ca/ca-cert.pem -CAkey ca/ca-key.pem -CAcreateserial -days 3650
openssl pkcs12 -export -clcerts -in server/server-cert.pem -inkey server/server-key.pem -out server/server.p12

 

# 生成client证书
openssl genrsa -out client/client-key.pem 2048
openssl req -new -out client/client-req.csr -key client/client-key.pem

-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:guangdong
Locality Name (eg, city) []:shenzhen
Organization Name (eg, company) [Internet Widgits Pty Ltd]:jxk
Organizational Unit Name (eg, section) []:jxk
Common Name (e.g. server FQDN or YOUR name) []:root
Email Address []:test

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:123456


openssl x509 -req -in client/client-req.csr -out client/client-cert.pem -signkey client/client-key.pem -CA ca/ca-cert.pem -CAkey ca/ca-key.pem -CAcreateserial -days 3650
openssl pkcs12 -export -clcerts -in client/client-cert.pem -inkey client/client-key.pem -out client/client.p12

 

posted @ 2021-04-09 18:00  IT树  阅读(125)  评论(0编辑  收藏  举报