写下这篇时用的是 GmSSL 2.4.4,未来的版本可能命令不一样。
# 生成SM2密钥对 "cakeyGM.pem"
mkdir ~/myCert
cd ~/myCert
mkdir demoCA
mkdir demoCA/private
mkdir demoCA/certs
mkdir demoCA/crl
mkdir demoCA/newcerts
touch demoCA/index.txt
touch demoCA/serial
od -vAn -N4 -tx1 < /dev/urandom |tr -d ' ' > demoCA/serial
cd demoCA
gmssl sm2 -genkey -out private/cakeyGM.pem
# Self-signed SM2 certificate generation as cacertGM.crt:
# 生成 SM2 自签证书,作为根CA “cacertGM.crt”
gmssl req -new -x509 -key private/cakeyGM.pem -out cacertGM.crt
# 生成SM2密钥对 "testUserGM.key"
cd ..
gmssl sm2 -genkey -out testUserGM.com.key
# 生成证书请求CSR
gmssl req -new -key testUserGM.com.key -out testUser