1、使用openssl 执行下面的shell脚本
#!/bin/bash
#创建根密钥
openssl ecparam -out ROOT_CA_PRIVATEKEY.key -name secp384r1 -genkey
#创建根证书CSR
openssl req -new -sha256 -key ROOT_CA_PRIVATEKEY.key -out ROOT_CA_CSR.csr -subj "/C=CN/ST=SH/L=PD/OU=ceshi_iOS/O=ceshi_iOS/CN=ceshi_IOS_CA"
#创建一个 CA 根证书的配置文件
ROOT_CA_Path="./ROOT_CA.cnf"
(
cat << EOF
basicConstraints=critical,CA:TRUE
nsComment = "This Root certificate was generated by dadadongL"
keyUsage=critical, keyCertSign
subjectKeyIdentifier=hash
EOF
) > $ROOT_CA_Path
# 创建自签名CA
openssl x509 -req -sha256 -days 3650 -extfile $ROOT_CA_Path -in ROOT_CA_CSR.csr -signkey ROOT_CA_PRIVATEKEY.key -out ROOT_CA_CERT.crt
# ⚠️⚠️⚠️自签名的ip 记得改成自己的⚠️⚠️⚠️
ip_server="172.16.1.34"
# 创建证书的密钥 和 CSR 文件
openssl req -newkey rsa:2048 -nodes -subj "