openssl.exe genrsa -out ca.key 2048
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
openssl genrsa -out server.key 2048
openssl req -new -out server.csr -key server.key
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -extfile v3.ext
openssl genrsa -out server_1_76.key 2048
openssl req -new -out server_1_76.csr -key server_1_76.key
openssl ca -in server_1_76.csr -out server_1_76.crt -cert ca.crt -keyfile ca.key -extfile v3.ext
v3.ext文件内容
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = cloud.test.com
IP.1 = 127.0.0.1
IP.2 = 192.168.1.76
在openssl同级目录下新建demoCa目录。在demoCa下新建index.txt 和serial文件。
index.txt内容为空,serial内容为01。
在demoCa文件下新建文件夹newcerts。
因为openssl命令默认使用apache/conf/openssl.cnf配置文件。
