1. 自建CA
#生成CA私钥
cd /etc/pki/CA && touch index.txt && echo 01 > serial
cd /etc/pki/CA && openssl genrsa -out private/cakey.pem 2048 && chmod 400 private/cakey.pem
#生成CA证书
#-x509:表示创建自签名证书而不是生成证书签名请求
openssl req -new -x509 -key private/cakey.pem -days 3650 -out cacert.pem -sbuj '/C=CN/ST=GuangDong/L=ShenZhen/O=AGREE/OU=IT/CN=ca.company.com/emailAddress=charge@si