local3.cnf
[dn]
CN= xkyy.com
[req]
distinguished_name = dn
[EXT]
subjectAltName= @alt_names
keyUsage=digitalSignature
extendedKeyUsage=serverAuth
[alt_names]
# 域名,如有多个用DNS.2,DNS.3…来增加
DNS.1 = xykk.com
DNS.2 = *.xykk.com
# IP地址
IP.1 = 10.0.1.4
IP.2 = 127.0.0.1
使用powershell
生成crt证书和key文件
.\openssl req -x509 -out localhost3.crt -keyout localhost3.key -days 3650 -newkey rsa:2048 -nodes -sha256 -subj '/CN=10.0.1.4' -extensions EXT -config local3.cnf
合成pfx,IIS导入用到
.\openssl pkcs12 -export -out localhost3.pfx -inkey localhost3.key -in localhost3.crt