linux下,测试或局域网环境使用OpenSSL生成自签名证书、nginx配置及Chrome浏览器信任
1. 安装openssl工具
2. 创建auto-generate-cert.sh
脚本文件,内容如下
#! /bin/bash
DOMAIN=pskzs.com
## 证书适用IP
IP=$(ip addr|awk '/^[0-9]+: / {}; /inet.*global/ {print gensub(/(.*)\/(.*)/, "\\1", "g", $2)}'|head -n 1)
DOMAIN_EXT=$IP
DATE=3650
echo 'ip为 '$IP
rm -rf ${
DOMAIN} ca.key ca.csr ca.crt
mkdir ${
DOMAIN}
# 生成CA根证书
## 准备ca配置文件,得到ca.conf
cat > ${
DOMAIN}/ca.conf << EOF
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CN
stateOrProvinceName = State or Province Name (fu