1.创建一个多域名的配置文件
随便找一个地方创建配置文件example.com.conf
# example.com.conf
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
# 生成v3版本带扩展属性的证书
req_extensions = v3_req
# 设置默认域名
[ req_distinguished_name ]
# Minimum of 4 bytes are needed for common name
commonName = www.example.com
commonName_default = *.example.com
commonName_max = 64
# 设置两位国家代码
# ISO2 country code only
countryName = China
countryName_default = CN
# 设置州 或者 省的名字
# State is optional, no minimum limit
stateOrProvinceName = Province
stateOrProvinceName_default = Beijing
# 设置城市的名字
# City is required
localityName = City
localityName_default = Beijing
# 设置公司或组织机构名称
# Organization is optional
organizationName = Organization
organizationName_default = My Company
# 设置部门名称
# Organization Unit is optional
organizationalUnitName = Department
organizationalUnitName_default = My Department
# 设置联系邮箱
# Email is optional
emailAddress = Email
emailAddress_default = [email protected]
# 拓展信息配置
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
# 要配置的域名
[alt_names]
DNS.1 = www.example.com
DNS.2 = *.example.com
2. 生成csr文件
创建私钥
openssl genrsa -out example.com.key 2048
生成csr文件
openssl req -new -nodes -out example.com.csr -key example.com.key -config example.com.conf
输出内容
Generating a RSA private key
...................+++++
.......................+++++
writing new private key to 'privkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distin