Using SSL certificates for local IP addresses on a LAN with mkcert

Installing an SSL certificate for an IP address on an ESXi host

https://blog.csdn.net/kadwf123/article/details/108314038

#############################

References: https://github.com/FiloSottile/mkcert

https://blog.dteam.top/posts/2019-04/%E6%9C%AC%E5%9C%B0https%E5%BF%AB%E9%80%9F%E8%A7%A3%E5%86%B3%E6%96%B9%E6%A1%88mkcert.html

 

Install mkcert

curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64"
chmod +x mkcert-v*-linux-amd64
sudo cp mkcert-v*-linux-amd64 /usr/local/bin/mkcert

Add the CA certificate to the local trusted CAs

$ mkcert -install

Created a new local CA 💥
The local CA is now installed in the system trust store! ⚡️
The local CA is now installed in the Firefox and/or Chrome/Chromium trust store (requires browser restart)! 🦊



Create a certificate

mkcert localhost 127.0.0.1 ::1 192.168.7.40

Created a new certificate valid for the following names 📜
- "localhost"
- "127.0.0.1"
- "::1"
- "192.168.7.40"

The certificate is at "./localhost+3.pem" and the key at "./localhost+3-key.pem" ✅

It will expire on 27 July 2025 🗓



Show where the certificate authority is stored
mkcert -CAROOT

/root/.local/share/mkcert


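Import the certificate on client machines

The CA path contains two files, rootCA-key.pem and rootCA.pem. Users need to trust rootCA.pem. Make a copy of rootCA.pem named rootCA.crt (Windows does not recognize the pem extension, and Ubuntu does not treat files with the pem extension as CA certificates), then distribute rootCA.crt to the other users for manual import. Only the certificate is distributed: rootCA-key.pem is the CA's private key and stays on the machine that issues certificates.

On Windows, import the certificate by double-clicking the file and, in the Certificate Import Wizard, placing it in "Trusted Root Certification Authorities".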
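
Added example (not from the original post or the mkcert project): shell functions that stage rootCA.crt for distribution, refuse to copy private-key material, and install the file on an Ubuntu client. The function names, the staging directory and the installed file name mkcert-rootCA.crt are assumptions.

```shell
#!/bin/sh
# Added example: stage mkcert's root certificate for client distribution.
# Function names and directory layout are hypothetical.
# Usage: export_root_ca "$(mkcert -CAROOT)" ./dist && audit_bundle ./dist

# export_root_ca CAROOT OUTDIR
# Copies only rootCA.pem to OUTDIR/rootCA.crt; rootCA-key.pem is never read.
# Returns 1 if rootCA.pem is missing, 2 if it holds a private key,
# 3 if it is not a PEM certificate.
export_root_ca() {
    ca_dir=$1
    out_dir=$2
    ca_src="$ca_dir/rootCA.pem"
    [ -f "$ca_src" ] || { echo "no rootCA.pem in $ca_dir" >&2; return 1; }
    # Guard against a key (or cert+key bundle) saved under the wrong name.
    if grep -q 'PRIVATE KEY' "$ca_src"; then
        echo "refusing: $ca_src contains a private key" >&2
        return 2
    fi
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca_src" ||
        { echo "$ca_src is not a PEM certificate" >&2; return 3; }
    mkdir -p "$out_dir" &&
        cp "$ca_src" "$out_dir/rootCA.crt" &&
        chmod 644 "$out_dir/rootCA.crt"
}

# audit_bundle DIR
# Succeeds only if no file staged for distribution contains a private key.
audit_bundle() {
    ! grep -rq 'PRIVATE KEY' "$1"
}

# root_ca_fingerprint CRT
# Prints the SHA-256 fingerprint so recipients can compare it out of band
# before trusting the file.
root_ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# install_root_ca_ubuntu CRT
# Run as root on an Ubuntu client: the system store only picks up files
# ending in .crt under /usr/local/share/ca-certificates.
install_root_ca_ubuntu() {
    cp "$1" /usr/local/share/ca-certificates/mkcert-rootCA.crt &&
        update-ca-certificates
}
```

Every client that imports rootCA.crt will trust any certificate signed by this CA, so compare the fingerprint on the client with the one printed on the issuing machine before importing.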

Verify

curl -I https://192.168.7.40
HTTP/1.0 200 OK
Server: SimpleHTTP/0.6 Python/3.6.8
Date: Tue, 09 Apr 2019 05:22:12 GMT
Content-type: text/html; charset=utf-8
Content-Length: 1794



posted @ 2023-04-27 10:31  琴声清幽