# 创建证书存放路径mkdir /usr/local/ssl
openssl req -x509-nodes-days36500-newkey rsa:2048 -keyout /usr/local/ssl/nginx.key -out /usr/local/ssl/nginx.crt
Generating a 2048 bit RSA private key
...........................+++
............................+++
writing new private key to '/usr/local/ssl/nginx.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code)[XX]:CN
State or Province Name (full name)[]:HN
Locality Name (eg, city)[Default City]:Zheng Zhou
Organization Name (eg, company)[Default Company Ltd]:
Organizational Unit Name (eg, section)[]:
Common Name (eg, your name or your server's hostname)[]:www.test.com
Email Address []:
# openssl req生成证书# -x509 输出 x509 结构而不是证书。# -nodes 不加密输出密钥# -days -x509 生成的证书的有效天数。# -newkey rsa:2048 生成大小为"位"的新 RSA 密钥# -keyout 要将密钥发送到的文件# -out 输出文件