使用openssl工具自制CA证书:
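# Transcript: build a private test CA with openssl, then use it to sign one
# server certificate and one client certificate.
#
# Keys are generated at 2048 bits. 1024-bit RSA is below the minimum accepted
# by current browsers and by OpenSSL builds running at security level 2, which
# reject such certificates as "key too small".
# genrsa is called without a cipher option, so every .key file is written
# unencrypted; keep them readable by the owning account only.

# Server key pair. server.pem holds only the extracted public key and is not
# used by any later step.
[root@Python CA]# openssl genrsa -out server.key 2048
[root@Python CA]# openssl rsa -in server.key -pubout -out server.pem

# Client key pair, same layout.
[root@Python CA]# openssl genrsa -out client.key 2048
[root@Python CA]# openssl rsa -in client.key -pubout -out client.pem

# CA private key. Anyone holding ca.key can issue certificates that every
# machine trusting ca.crt will accept, so it should stay on the signing host.
[root@Python CA]# openssl genrsa -out ca.key 2048

# CA signing request; with the default openssl.cnf, req prompts for the
# subject fields interactively.
[root@Python CA]# openssl req -new -key ca.key -out ca.csr

# Self-sign the CA request. -sha256 pins the signature digest, because older
# OpenSSL releases default to SHA-1 here. No -days is given, so the x509
# default validity of 30 days applies.
[root@Python CA]# openssl x509 -req -sha256 -in ca.csr -signkey ca.key -out ca.crt

# Server request, signed by the CA. -CAcreateserial writes ca.srl.
# No -extfile is passed, so server.crt carries no subjectAltName. Browsers that
# match host names only against SAN will report a name mismatch until the
# certificate is reissued with one.
[root@Python CA]# openssl req -new -key server.key -out server.csr
[root@Python CA]# openssl x509 -req -sha256 -CA ca.crt -CAkey ca.key -CAcreateserial -in server.csr -out server.crt

# Client request, signed the same way.
[root@Python CA]# openssl req -new -key client.key -out client.csr
[root@Python CA]# openssl x509 -req -sha256 -CA ca.crt -CAkey ca.key -CAcreateserial -in client.csr -out client.crt

# Resulting files.
[root@Python CA]# ls
ca.crt ca.csr ca.key ca.srl client.crt client.csr client.key client.pem server.crt server.csr server.key server.pem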
服务器端使用 server.crt 和 server.key 配置SSL证书;
在浏览器中将 ca.crt 导入为受信任的根证书颁发机构;ca.key 是 CA 的私钥,只保留在签发证书的机器上,不要随 ca.crt 一起分发。