linux cfssl self-signed certificate
1. Installation
curl -s -L -o /usr/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
curl -s -L -o /usr/bin/cfssl-json https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
curl -s -L -o /usr/bin/cfssl-certinfo https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +X /usr/bin/cfssl*
2. Create a json configuration file for the CA certificate signing request (csr)
vi /opt/certs/ca-csr.json
{
"CN": "test123",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [{
"C": "CN",
"ST": "beijing",
"L": "beijing",
"O": "test",
"OU": "ok"
}],
"ca": {
"expiry": "175200h"
}
}
CN: General write domain name
C: Country
ST: Province
L: City
O: Company name
OU: Department name
175200h: 20 years
3. Generate CA certificate and private key
cfssl gencert -initca ca-csr.json | cfssl-json -bare ca