1.生成CA私钥,私钥中包含了公钥
openssl genrsa -out CA.key 2048
2.生成CA自签名证书请求文件
openssl req -new -key CA.key -out CA.csr -subj "/C=CN/ST=SC/L=CD/O=westone/OU=ops/CN=*.westone.com/emailAddress=yan.hai@qq.com"
3.生成CA自签名证书
openssl x509 -req -days 3650 -in CA.csr -signkey CA.key -CAcreateserial -out CA.crt
1.生成服务器私钥
openssl genrsa -out server_private.key 2048
2.从私钥中提取出公钥
openssl rsa -in server_private.key -pubout -out server_public.key
3.生成服务器证书请求文件
openssl req -new -key server_private.key -out server_req.csr -subj "/C=CN/ST=SC/L=CD/O=westone/OU=ops/CN=*.westone.com/emailAddress=yan.hai@qq.com"
4.生成服务器证书
openssl x509 -req -days 3650 -in server_req.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out server.crt
1.生成客户端私钥
openssl genrsa -out client_private.key 2048
2.从私钥中提取出公钥
openssl rsa -in client_private.key -pubout -out client_public.key
3.生成客户端证书请求文件
openssl req -new -key client_private.key -out client_req.csr -subj "/C=CN/ST=SC/L=CD/O=westone/OU=ops/CN=*.westone.com/emailAddress=yan.hai@qq.com"
4.生成客户端证书
openssl x509 -req -days 3650 -in client_req.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out client.crt