使用 OpenSSL 在本地创建 PKCS#8 格式 SSL 证书的流程
windows:
命令行方式创建
1、生成CA证书
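# Step 1: build a self-signed CA certificate.
# Assumes the ca/ directory exists and openssl.cnf is in the working directory.

# Generate the CA RSA private key (traditional PKCS#1 PEM on OpenSSL 1.x).
# 2048 bits is the minimum in current guidance; 1024-bit RSA is no longer
# considered safe and many TLS libraries and browsers refuse such keys.
# For a CA that lives 10 years, consider 3072 or 4096 bits.
# NOTE(review): OpenSSL 3.x genrsa reportedly emits PKCS#8 already; the
# conversion below is then redundant but harmless. Confirm on your version.
openssl genrsa -out ca/ca-key1.pem 2048

# Convert the CA key from PKCS#1 to PKCS#8.
# -nocrypt writes the private key unencrypted: keep ca/ca-key.pem and
# ca/ca-key1.pem out of version control and restrict who can read them.
openssl pkcs8 -topk8 -inform PEM -in ca/ca-key1.pem -outform pem -nocrypt -out ca/ca-key.pem

# Create the CA certificate signing request (prompts for the subject fields).
openssl req -new -out ca/ca-req.csr -key ca/ca-key.pem -config openssl.cnf

# Self-sign the request to produce the CA X.509 certificate.
# -sha256 pins the signature digest instead of relying on the version default.
# NOTE(review): no -extfile/-extensions is given, so the certificate carries no
# basicConstraints CA:TRUE; strict verifiers may not accept it as a CA. Confirm
# against the consumers of this CA and add an extensions section if required.
openssl x509 -req -sha256 -in ca/ca-req.csr -out ca/ca-cert.pem -signkey ca/ca-key.pem -days 3650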
2、生成服务器证书
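# Step 2: issue the server certificate from the CA.
# Assumes the server/ directory exists and ca/ca-cert.pem and ca/ca-key.pem
# are already present.

# Generate the server RSA private key (PKCS#1 PEM on OpenSSL 1.x).
# 2048 bits minimum; 1024-bit RSA is no longer considered safe.
openssl genrsa -out server/server-key.pem 2048

# Convert the server key from PKCS#1 to PKCS#8.
# -nocrypt leaves the key unencrypted on disk: restrict read access to it.
openssl pkcs8 -topk8 -inform PEM -in server/server-key.pem -outform pem -nocrypt -out server/server-pkcs8.pem

# Create the server certificate signing request (prompts for the subject fields).
openssl req -new -out server/server-req.csr -key server/server-pkcs8.pem -config openssl.cnf

# Sign the request with the CA to produce the server X.509 certificate.
# -signkey is not passed here: it requests a self-signed certificate and
# contradicts -CA/-CAkey; depending on the OpenSSL version the combination is
# rejected or one option is ignored, so the issuer was not reliably the CA.
# -sha256 pins the signature digest instead of relying on the version default.
# NOTE(review): without -extfile the certificate has no subjectAltName, which
# current TLS clients generally require for hostname checks. Confirm and add one.
# NOTE(review): 3650 days is long for a leaf certificate; shorten if you can rotate.
openssl x509 -req -sha256 -in server/server-req.csr -out server/server-cert.pem -CA ca/ca-cert.pem -CAkey ca/ca-key.pem -CAcreateserial -days 3650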
3、生成客户端的证书
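# Step 3: issue the client certificate from the CA.
# Assumes the client/ directory exists and ca/ca-cert.pem and ca/ca-key.pem
# are already present.

# Generate the client RSA private key (PKCS#1 PEM on OpenSSL 1.x).
# 2048 bits minimum; 1024-bit RSA is no longer considered safe.
openssl genrsa -out client/client-key.pem 2048

# Convert the client key from PKCS#1 to PKCS#8.
# -nocrypt leaves the key unencrypted on disk: restrict read access to it.
openssl pkcs8 -topk8 -inform PEM -in client/client-key.pem -outform pem -nocrypt -out client/client-pkcs8.pem

# Create the client certificate signing request (prompts for the subject fields).
openssl req -new -out client/client-req.csr -key client/client-pkcs8.pem -config openssl.cnf

# Sign the request with the CA to produce the client X.509 certificate.
# -signkey is not passed here: it requests a self-signed certificate and
# contradicts -CA/-CAkey; depending on the OpenSSL version the combination is
# rejected or one option is ignored, so the issuer was not reliably the CA.
# -sha256 pins the signature digest instead of relying on the version default.
# NOTE(review): no extendedKeyUsage is set; if the server enforces clientAuth,
# add it through -extfile/-extensions. Confirm against the server's policy.
openssl x509 -req -sha256 -in client/client-req.csr -out client/client-cert.pem -CA ca/ca-cert.pem -CAkey ca/ca-key.pem -CAcreateserial -days 3650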