创建服务器证书秘钥文件
[root@Nginx ~]# openssl genrsa -des3 -out server.key 1024
...
Enter pass phrase for server.key: # 输入密码
Verifying - Enter pass phrase for server.key: # 确认密码
创建服务器证书申请文件
[root@Nginx ~]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key: # 输入前面创建的密码
...
Country Name (2 letter code) [XX]:CN # 国家代号. 中国输入 CN
State or Province Name (full name) []:Beijing # 省的全名. 拼音
Locality Name (eg, city) [Default City]:Beijing # 市的全名.拼音
Organization Name (eg, company) [Default Company Ltd]:test # 公司英文名
Organizational Unit Name (eg, section) []: # 可以不输入
Common Name (eg, your name or your server's hostname) []:www.test.com # 域名
Email Address []:12222@163.com # 电子邮箱. 可随意填
...
A challenge password []: # 可以不输入
An optional company name []: # 可以不输入
去除秘钥口令
[root@Nginx ~]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key.org: # 输入密码
生成证书文件
[root@Nginx ~]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=test/CN=www.test.com/emailAddress=122222@163.com
Getting Private key
