How to generate TLS (SSL) certificates
https://zhuanlan.zhihu.com/p/423506052
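Steps to generate the CA root certificate
Generate the CA private key (.key) --> generate the CA certificate signing request (.csr) --> self-sign it to obtain the root certificate (.crt)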
# Generate CA private key
openssl genrsa -out ca.key 2048
# Generate CSR
openssl req -new -key ca.key -out ca.csr
# Generate self-signed certificate (the CA root certificate)
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
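Steps to generate a user certificate
Generate the private key (.key) --> generate the certificate signing request (.csr) --> sign it with the CA root certificate to obtain the certificate (.crt)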
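# private key (-des3 protects it with a passphrase; note that 1024-bit RSA is
# no longer considered adequate, 2048 bits is the usual minimum)
openssl genrsa -des3 -out server.key 1024
# generate csr
openssl req -new -key server.key -out server.csr
# generate certificate
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key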
Generate the pem file
cat server.crt server.key > server.pem
How to resolve errors
https://blog.csdn.net/n_u_l_l_/article/details/103536588
# openssl ca fails if its database (index.txt) and serial file are missing; create them
touch /etc/pki/CA/index.txt
echo 01 > /etc/pki/CA/serial
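The two procedures above as one non-interactive script, followed by a check that the result really chains to the CA. This is an added example, not code from the original page. It signs the server CSR with `openssl x509 -req -CA ... -CAcreateserial` instead of `openssl ca`, so the `index.txt` and `serial` files are not needed, and it leaves the server key without a passphrase so that it can run unattended. The subject names, the SAN `server.example.test`, the extension files and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Subject names, the SAN and the
# file layout are constructed sample values.

make_chain() {  # $1 = empty working directory
    (
        cd "$1" && umask 077 &&  # private keys readable by the owner only
        # Root CA: private key -> CSR -> self-signed certificate with CA:TRUE
        openssl genrsa -out ca.key 2048 2>/dev/null &&
        openssl req -new -key ca.key -subj "/CN=Example Test Root CA" -out ca.csr &&
        printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext &&
        openssl x509 -req -days 365 -in ca.csr -signkey ca.key \
            -extfile ca.ext -out ca.crt 2>/dev/null &&
        # Server: private key -> CSR -> certificate signed by the CA
        openssl genrsa -out server.key 2048 2>/dev/null &&
        openssl req -new -key server.key -subj "/CN=server.example.test" -out server.csr &&
        printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:server.example.test\n' > server.ext &&
        # -CAcreateserial keeps the serial in ./ca.srl, so nothing under /etc/pki/CA is needed
        openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -extfile server.ext -out server.crt 2>/dev/null &&
        cat server.crt server.key > server.pem
    )
}

check_chain() {  # $1 = directory filled by make_chain; status 0 only if every check passes
    (
        cd "$1" &&
        # the server certificate must chain to the CA ...
        openssl verify -CAfile ca.crt server.crt >/dev/null 2>&1 &&
        # ... and carry the public key that belongs to server.key
        [ "$(openssl x509 -in server.crt -noout -pubkey)" = \
          "$(openssl pkey -in server.key -pubout 2>/dev/null)" ]
    )
}

# Run as: sh chain.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_chain "$d" && check_chain "$d" && echo "chain OK in $d"
fi
```

The explicit `basicConstraints=critical,CA:TRUE` on the root matters: newer OpenSSL releases issue X.509 v3 certificates by default, and a v3 root without that extension is rejected as a CA during verification.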