最近经常用到,所以先记录一下
openssl genrsa 2048 > ca-key.pem # CA 私钥
openssl req -new -x509 -nodes -days 36500 -key ca-key.pem -out ca-cert.pem # CA 证书
openssl req -newkey rsa:2048 -days 36500 -nodes -keyout server-key.pem -out server-req.pem # 服务器私钥
openssl rsa -in server-key.pem -out server-key.rsa # 转换为 RSA 格式
openssl x509 -req -in server-req.pem -days 36500 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem # 服务器证书
openssl verify -CAfile ca-cert.pem server-cert.pem # 验证
openssl req -newkey rsa:2048 -days 36500 -nodes -keyout client-key.pem -out client-req.pem # 客户端私钥
openssl rsa -in client-key.pem -out client-key.rsa