①RSA证书的生成
$ mkdir ./demoCA
$ mkdir demoCA/newcerts
#新建一个内容为空的index.txt文件
$ vi demoCA/index.txt ---ubuntu
// $ touch demoCA/index.txt
#新建一个内容为01的serial文件
$ vi demoCA/serial
$ openssl genrsa -out ./demoCA/ca.key 1024
$ openssl req -new -x509 -key ./demoCA/ca.key -out ./demoCA/ca1.crt -days 365
$ openssl genrsa -out server.key 1024
$ openssl req -new -key server.key -out server.csr
# CN LIAONING SHENYANG COMPANY ---根据openssl.cnf,此四项应一致
CA CA ./SERVER SERVER .../CLIENT CLIENT ...
#OpenSSL配置文件(openssl.cnf)从原路径拷贝一份至与demoCA文件夹同一级的目录下
$ openssl ca -in server.csr -out server.crt -cert ./demoCA/ca1.crt -keyfile ./demoCA/ca.key -config ./openssl.cnf
② ECDSA证书生成
$ mkdir ./demoCA
$ mkdir demoCA/newcerts
#新建一个内容为空的index.txt文件
$ vi demoCA/index.txt ---ubuntu
// $ touch demoCA/index.txt
#新建一个内容为01的serial文件
$ vi demoCA/serial
$ openssl ecparam -out ./demoCA/EccCA.key -name prime256v1 -genkey
$ openssl req -new -x509 -key ./demoCA/EccCA.key -out ./demoCA/EccCA.pem -days 365
$ openssl ecparam -out EccServer.key -name prime256v1 -genkey
$ openssl req -new -key EccServer.key -out EccServer.csr
# CN LIAONING SHENYANG COMPANY ---根据openssl.cnf,此四项应一致
CA CA ./SERVER SERVER .../CLIENT CLIENT ...
#OpenSSL配置文件(openssl.cnf)从原路径拷贝一份至与demoCA文件夹同一级的目录下
$ openssl ca -in EccServer.csr -out EccServer.pem -cert ./demoCA/EccCA.pem -keyfile ./demoCA/EccCA.key -config ./openssl.cnf