[root@localhost ~]# mkdir /etc/gitlab/ssl -p[root@localhost ~]# openssl genrsa -out "/etc/gitlab/ssl/gitlab.example.key" 2048
Generating RSA private key, 2048 bit long modulus
.................+++
....+++
e is 65537 (0x10001)
------------------------------------------------------------
[root@localhost ~]# openssl req -new -key "/etc/gitlab/ssl/gitlab.example.key" -out "/etc/gitlab/ssl/gitlab.example.csr" #填写一个密码即可
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code)[XX]:
State or Province Name (full name)[]:
Locality Name (eg, city)[Default City]:
Organization Name (eg, company)[Default Company Ltd]:
Organizational Unit Name (eg, section)[]:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
------------------------------------------------------------
[root@gitlab ~]# ll /etc/gitlab/ssl/
总用量 8
-rw-r--r-- 1 root root 1062 2月 14 20:50 gitlab.example.csr
-rw-r--r-- 1 root root 1679 2月 14 20:47 gitlab.example.key
------------------------------------------------------------
[root@localhost ~]# openssl x509 -req -days 365 -in "/etc/gitlab/ssl/gitlab.example.csr" -signkey "/etc/gitlab/ssl/gitlab.example.key" -out "/etc/gitlab/ssl/gitlab.example.crt"
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd
Getting Private key
------------------------------------------------------------
[root@localhost ~]# ll /etc/gitlab/ssl/
总用量 12
-rw-r--r--. 1 root root 1289 9月 3 13:16 gitlab.example.crt
-rw-r--r--. 1 root root 1078 9月 3 13:14 gitlab.example.csr
-rw-r--r--. 1 root root 1675 9月 3 13:09 gitlab.example.key
------------------------------------------------------------
[root@localhost ~]# openssl dhparam -out "/etc/gitlab/ssl/dhparams.pem" 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time............................................................[root@localhost ~]# ll /etc/gitlab/ssl/
总用量 16
-rw-r--r--. 1 root root 424 9月 3 14:05 dhparams.pem
-rw-r--r--. 1 root root 1103 9月 3 14:02 gitlab.example.crt
-rw-r--r--. 1 root root 985 9月 3 14:01 gitlab.example.csr
-rw-r--r--. 1 root root 1679 9月 3 14:00 gitlab.example.key
--------------------------------------------------------------
[root@localhost ~]# chmod 600 /etc/gitlab/ssl/*[root@localhost ~]# ll /etc/gitlab/ssl/
总用量 16
-rw-------. 1 root root 424 9月 3 14:05 dhparams.pem
-rw-------. 1 root root 1103 9月 3 14:02 gitlab.example.crt
-rw-------. 1 root root 985 9月 3 14:01 gitlab.example.csr
-rw-------. 1 root root 1679 9月 3 14:00 gitlab.example.key