【CA】 Issue self-signed certificate

1. Generate a self-signed CA certificate

1.1 Generate CA private key

# openssl genrsa -out ca.key 2048

1.2 Generate the CA self-signed certificate from the CA private key

# openssl req -new -x509 -days 3650 -key ca.key -out ca.crt -config /etc/pki/tls/openssl.cnf

2. Issue a certificate to the server, signed by the self-signed CA

2.1 Generate server private key

# openssl genrsa -out server.key 2048

2.2 Generate a server certificate signing request (CSR) from the server private key (the CA uses it to issue the certificate)

# openssl req -new -out server.csr -key server.key -config /etc/pki/tls/openssl.cnf

2.3 Sign the request with the CA certificate and CA private key, and issue a certificate for the server

Before issuing a certificate, the certificate database file index.txt and the serial number file serial must be created.

The serial number file must be seeded with an initial serial number, such as "01".

# touch /etc/pki/CA/index.txt
# echo "01" >> /etc/pki/CA/serial

Issue the certificate:

# openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config /etc/pki/tls/openssl.cnf

The resulting server.crt is the server's certificate.
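
The whole procedure as one script, followed by a check that server.crt really chains to ca.crt. This is an added example, not part of the original article: it works in a temporary directory with its own minimal config (demo.cnf) instead of /etc/pki, and the subject names are constructed for the demo.

```shell
#!/bin/sh
# Added example: steps 1.1 to 2.3 in a scratch directory, then chain verification.
# demo.cnf and the subject names are constructed; nothing under /etc/pki is touched.
issue_and_verify() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        cat > demo.cnf <<'EOF'
[ req ]
distinguished_name = req_dn
x509_extensions    = v3_ca
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical, CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database       = ./index.txt
serial         = ./serial
new_certs_dir  = ./newcerts
default_md     = sha256
default_days   = 365
unique_subject = no
policy         = policy_cn
[ policy_cn ]
commonName = supplied
EOF
        # Database and serial file must exist before "openssl ca" runs
        mkdir newcerts && touch index.txt && echo "01" > serial &&
        # 1.1, 1.2: CA private key and self-signed CA certificate
        openssl genrsa -out ca.key 2048 &&
        openssl req -new -x509 -days 3650 -key ca.key -out ca.crt \
            -config demo.cnf -subj "/CN=Demo Test CA" &&
        # 2.1, 2.2: server private key and CSR
        openssl genrsa -out server.key 2048 &&
        openssl req -new -out server.csr -key server.key \
            -config demo.cnf -subj "/CN=server.example.test" &&
        # 2.3: sign the CSR with the CA certificate and CA key (-batch: no prompts)
        openssl ca -batch -in server.csr -out server.crt -cert ca.crt \
            -keyfile ca.key -config demo.cnf &&
        # Check: prints "server.crt: OK" only if the chain validates
        openssl verify -CAfile ca.crt server.crt
    )
    rc=$?
    rm -rf "$work"   # removes the demo keys as well
    return "$rc"
}
issue_and_verify
```

The same `openssl verify -CAfile ca.crt server.crt` check applies to the files produced by the commands above.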


