局域网使用 本地ip的ssl证书 mkcert
exsi主机安装ssl证书 ip
https://blog.csdn.net/kadwf123/article/details/108314038
#############################
参考文章 https://github.com/FiloSottile/mkcert
https://blog.dteam.top/posts/2019-04/%E6%9C%AC%E5%9C%B0https%E5%BF%AB%E9%80%9F%E8%A7%A3%E5%86%B3%E6%96%B9%E6%A1%88mkcert.html
安装mkcert
curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64" chmod +x mkcert-v*-linux-amd64 sudo cp mkcert-v*-linux-amd64 /usr/local/bin/mkcert
将 CA 证书加入本地可信 CA
$ mkcert -install
Created a new local CA 💥
The local CA is now installed in the system trust store! ⚡️
The local CA is now installed in the Firefox and/or Chrome/Chromium trust store (requires browser restart)! 🦊
创建证书
mkcert localhost 127.0.0.1 ::1 192.168.7.40
Created a new certificate valid for the following names 📜
- "localhost"
- "127.0.0.1"
- "::1"
- "192.168.7.40"
The certificate is at "./localhost+3.pem" and the key at "./localhost+3-key.pem" ✅
It will expire on 27 July 2025 🗓
查看证书颁发机构
mkcert -CAROOT
/root/.local/share/mkcert
客户机导入证书
可以看到 CA 路径下有两个文件rootCA-key.pem
和rootCA.pem
两个文件,用户需要信任rootCA.pem
这个文件。将rootCA.pem
拷贝一个副本,并命名为rootCA.crt
(因为 windows 并不识别pem
扩展名,并且 Ubuntu 也不会将pem
扩展名作为 CA 证书文件对待),将rootCA.crt
文件分发给其他用户,手工导入。
windows 导入证书的方法是双击这个文件,在证书导入向导中将证书导入“受信任的根证书颁发机构”
:
验证
curl -I https://192.168.7.40
HTTP/1.0 200 OK
Server: SimpleHTTP/0.6 Python/3.6.8
Date: Tue, 09 Apr 2019 05:22:12 GMT
Content-type: text/html; charset=utf-8
Content-Length: 1794