linux服务器手动生成ssl证书

openssl是目前最流行的SSL密码库工具，其提供了一个通用、健壮、功能完备的工具套件，用以支持SSL/TLS协议的实现。

比如生成到：/usr/local/ssl

1、生成命令

openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /usr/local/ssl/nginx.key -out /usr/local/ssl/nginx.crt

2、生成过程：

[root@manage-host test]# openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /usr/local/ssl/nginx.key -out /usr/local/ssl/nginx.crt
Generating a 2048 bit RSA private key
......................................................+++
............................+++
writing new private key to '/usr/local/ssl/nginx.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:guangdong
Locality Name (eg, city) [Default City]:shenzhen
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:[email protected]

下面是上述命令相关字段含义：

Country ，单位所在国家，为两位数的国家缩写，如： CN 就是中国 State/Province ，单位所在州或省 Locality ，单位所在城市 / 或县区 Organization ，此网站的单位名称; Organization Unit，下属部门名称;也常常用于显示其他证书相关信息，如证书类型，证书产品名称或身份验证类型或验证内容等; Common Name ，网站的域名; Email Address ，邮箱地址
3、生成结果

在/usr/local/ssl目录下会生成nginx.crt和nginx.key文件