openssl生成根证书/ip地址域名自签名证书

  • ca生成根证书(CA证书)
openssl genrsa -out ca.key 2048 
openssl req -new -key ca.key -out ca.csr -subj "/C=CN/ST=china/O=eATM"
openssl x509 -req -days 36500 -in ca.csr -signkey ca.key -out ca.crt

 

  • 多域名ip地址配置文件ssl.cnf
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1= localhost
DNS.2= openwrt
DNS.3= eATM-001
IP.1 = 192.168.3.1
IP.2 = 192.168.3.2
IP.3 = 192.168.3.3

 

  • 利用根证书生成自签名证书
openssl req -newkey rsa:2048 -nodes -subj "/C=CN/ST=AceSheep/O=AceSheep/OU=LAN/CN=eATM local" -keyout eATM.key -out eATM.csr
openssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial -days 36500 -sha256 -extfile ip_dns_config.cnf -in eATM.csr -out eATM.crt

 

参考:https://blog.51cto.com/u_15354478/3758000

https://blog.acesheep.com/index.php/archives/1293/

发表评论

您的电子邮箱地址不会被公开。