I learned what is the HTTPS protocol earlier, and briefly understood the related concepts of the SSL/TLS protocol. Among them, the most critical point in the S in HTTPS is "public key and private key", so now let's learn how to make a "public key && private key"
The process of using
OPENSSL
to generate a self-signed certificate is as follows, the followinggoogle.com
domain names can be used freely, but when replacing, the domain names in each instruction must be replaced with the same
-
generate private key
openssl genrsa -out google.com.key 2048
-
Generate CSR (Certificate Signing)
openssl req -new -out google.com.csr -key google.com.key
-
Generate a self-signed certificate
openssl x509 -req -in google.com.csr -out google.com.cer -signkey google.com.key -CAcreateserial -days 36500
-
Generate server CRT format certificate
openssl x509 -inform PEM -in google.com.cer -out google.com.crt
-
Generate PEM public key
openssl x509 -in google.com.crt -outform PEM -out google.com.pem
*.PEM & *.KEY
The two suffix files are the final public key and private key that need to be used