openssl生成私钥、根证书,签发下级证书时修改SAN
直接上命令
openssl genrsa -out root.key 2048
openssl req -x509 -new -key root.key -out root.crt -subj "/CN=MyCA"
openssl genpkey -algorithm RSA -out private.pem
openssl req -new -key private.pem -out certificate.csr -subj "/CN=192.168.3.93/O=my org/C=CN"
echo 'subjectAltName=DNS:server.org,IP:192.168.3.93,DNS:mydns.org' > sign.conf
openssl x509 -req -in certificate.csr -CA root.crt -CAkey root.key -CAcreateserial -out certificate.crt -extfile sign.conf
openssl x509 -in certificate.crt -text -noout