Self-signing an HTTPS certificate locally to serve HTTPS on a domain name

# Preface
There are several ways to create a locally self-signed HTTPS certificate,
for example: itisscg, openssl, keytools, mkcert


# Scenario
If you have not done this before, you can start with the following links:
https://www.cnblogs.com/zhoudawei/p/9257276.html
https://blog.csdn.net/byg184244735/article/details/85071877
https://blog.csdn.net/qq_42403866/article/details/107147113
https://www.jianshu.com/p/7a72851676f1
Steps for generating a root certificate on Linux

1. Generate the CA private key and self-signed root certificate
[root@localhost tls2]# openssl req -sha256 -new -x509 -days 3650 -keyout CA.key -out CA.crt -config openssl.cnf
WARNING: can't open config file: /etc/pki/tls/openssl.cnf
Generating a 2048 bit RSA private key
.....................................................................+++
........+++
writing new private key to 'CA.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:hongyi
Organizational Unit Name (eg, section) []:hongyi
Common Name (eg, your name or your server's hostname) []:aliyun
Email Address []:


2. Generate the server private key
[root@localhost tls2]# openssl genrsa -out macrowing.com.key 2048
WARNING: can't open config file: /etc/pki/tls/openssl.cnf
Generating RSA private key, 2048 bit long modulus
..................+++
.....................................+++
e is 65537 (0x10001)


3. Create the certificate signing request (CSR)
[root@localhost tls2]# openssl req -new -sha256 -key macrowing.com.key -out macrowing.com.csr -config openssl.cnf
WARNING: can't open config file: /etc/pki/tls/openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:hongyi
Organizational Unit Name (eg, section) []:hongyi
Common Name (eg, your name or your server's hostname) []:macrowing.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:wso2carbon
An optional company name []:hongyi

4. Inspect the CSR
[root@localhost tls2]# openssl req -in macrowing.com.csr -text
WARNING: can't open config file: /etc/pki/tls/openssl.cnf
Unable to load config info from /etc/pki/tls/openssl.cnf
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=CN, ST=bj, L=bj, O=hongyi, OU=hongyi, CN=macrowing.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        Attributes:
            unstructuredName         :hongyi
            challengePassword        :wso2carbon
        Requested Extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Subject Alternative Name: 
                DNS:macrowing.com, DNS:*.macrowing.com, IP Address:192.168.2.199, IP Address:192.169.2.1
    Signature Algorithm: sha256WithRSAEncryption


5. Sign the CSR with the CA
First run the following two commands:
	sudo touch /etc/pki/CA/index.txt
	echo 01 | sudo tee /etc/pki/CA/serial
[root@localhost tls2]# openssl ca -in macrowing.com.csr -md sha256 -out macrowing.com.crt -cert CA.crt -keyfile CA.key -extensions v3_req -config openssl.cnf
WARNING: can't open config file: /etc/pki/tls/openssl.cnf
Using configuration from openssl.cnf
Enter pass phrase for CA.key:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 5 (0x5)
        Validity
            Not Before: Dec 18 03:28:00 2020 GMT
            Not After : Dec 18 03:28:00 2021 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = bj
            organizationName          = hongyi
            organizationalUnitName    = hongyi
            commonName                = macrowing.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Subject Alternative Name: 
                DNS:macrowing.com, DNS:*.macrowing.com, IP Address:192.168.2.199, IP Address:192.169.2.1
Certificate is to be certified until Dec 18 03:28:00 2021 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated


6. Inspect the signed certificate
[root@localhost tls2]# openssl x509 -in macrowing.com.crt -text
WARNING: can't open config file: /etc/pki/tls/openssl.cnf
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5 (0x5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=bj, L=bj, O=hongyi, OU=hongyi, CN=aliyun
        Validity
            Not Before: Dec 18 03:28:00 2020 GMT
            Not After : Dec 18 03:28:00 2021 GMT
        Subject: C=CN, ST=bj, O=hongyi, OU=hongyi, CN=macrowing.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Subject Alternative Name: 
                DNS:macrowing.com, DNS:*.macrowing.com, IP Address:192.168.2.199, IP Address:192.169.2.1
    Signature Algorithm: sha256WithRSAEncryption


7. Write the certificate out in PEM format
openssl x509 -in macrowing.com.crt -out macrowing.com.pem -outform PEM


8. Bundle the certificate, private key and CA chain into a PKCS#12 file
openssl pkcs12 -export -in macrowing.com.crt -inkey macrowing.com.key -passin pass:wso2carbon -name wso2carbon -chain -CAfile CA.crt -password pass:wso2carbon -caname ziqianca -out wso2carbon.p12



9. View the p12 certificate
keytool -rfc -list -keystore wso2carbon.p12 -storetype pkcs12
Password: changeit


10. Convert the PKCS#12 keystore to JKS
keytool -importkeystore -srckeystore wso2carbon.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore wso2carbon.jks
正在将密钥库 wso2carbon.p12 导入到 wso2carbon.jks...
输入目标密钥库口令:  
再次输入新口令: 
输入源密钥库口令:  
已成功导入别名 wso2carbon 的条目。
已完成导入命令: 1 个条目成功导入, 0 个条目失败或取消

Warning:
JKS 密钥库使用专用格式。建议使用 "keytool -importkeystore -srckeystore wso2carbon.jks -destkeystore wso2carbon.jks -deststoretype pkcs12" 迁移到行业标准格式 PKCS12。

Then configure nginx, Apache or Tomcat to use it.
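
The steps above depend on an openssl.cnf that the post never shows, so here is a non-interactive version of steps 1 to 6, added as an example and not taken from the original post. It also checks which hostnames the resulting certificate covers. Assumptions: `san.cnf` is constructed to mirror the extensions in the CSR dump, `openssl x509 -req` stands in for `openssl ca`, the CA key is left unencrypted for the demo, and `make_chain` and `host_ok` are hypothetical helper names.

```sh
#!/bin/sh
# Added example (not from the original post). Constructed config: the page's
# openssl.cnf is not shown, so [v3_req] mirrors the extensions in its CSR dump.
set -eu

make_chain() (                 # $1 = working directory; subshell keeps cd local
  cd "$1"
  cat > san.cnf <<'EOF'
[req]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[dn]
C = CN
ST = bj
O = hongyi
OU = hongyi
CN = macrowing.com
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
subjectAltName = DNS:macrowing.com, DNS:*.macrowing.com, IP:192.168.2.199, IP:192.169.2.1
EOF
  # Step 1: root CA. -nodes leaves CA.key unencrypted; only for a throwaway demo.
  openssl req -x509 -sha256 -newkey rsa:2048 -nodes -days 3650 -config san.cnf \
    -extensions v3_ca -subj "/C=CN/ST=bj/O=hongyi/CN=aliyun" \
    -keyout CA.key -out CA.crt 2>/dev/null
  # Steps 2-3: server key and CSR (DN and requested extensions come from san.cnf)
  openssl genrsa -out macrowing.com.key 2048 2>/dev/null
  openssl req -new -sha256 -key macrowing.com.key -config san.cnf -out macrowing.com.csr
  # Step 5 with "x509 -req" instead of "openssl ca": no index.txt/serial database,
  # but CSR extensions are not copied, so -extfile/-extensions must restate them.
  openssl x509 -req -sha256 -days 365 -in macrowing.com.csr -CA CA.crt -CAkey CA.key \
    -CAcreateserial -extfile san.cnf -extensions v3_req -out macrowing.com.crt 2>/dev/null
  # Step 6 as a pass/fail check: the leaf must chain to the CA
  openssl verify -CAfile CA.crt macrowing.com.crt >/dev/null
)

# True when the certificate's SAN list covers the given DNS name
host_ok() { openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'; }

work=$(mktemp -d)
make_chain "$work"
for h in macrowing.com www.macrowing.com a.b.macrowing.com; do
  if host_ok "$work/macrowing.com.crt" "$h"; then echo "$h: covered"; else echo "$h: NOT covered"; fi
done
```

The wildcard entry matches a single label only, which is why the SAN list carries both `macrowing.com` and `*.macrowing.com`, and why `a.b.macrowing.com` is reported as not covered.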
