openssl生成根证书/ip地址域名自签名证书 – eATM

eATM

openssl生成根证书/ip地址域名自签名证书

ca生成根证书(CA证书)

openssl genrsa -out ca.key 2048 
openssl req -new -key ca.key -out ca.csr -subj "/C=CN/ST=china/O=eATM"
openssl x509 -req -days 36500 -in ca.csr -signkey ca.key -out ca.crt

多域名ip地址配置文件ssl.cnf

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1= localhost
DNS.2= openwrt
DNS.3= eATM-001
IP.1 = 192.168.3.1
IP.2 = 192.168.3.2
IP.3 = 192.168.3.3

利用根证书生成自签名证书

openssl req -newkey rsa:2048 -nodes -subj "/C=CN/ST=AceSheep/O=AceSheep/OU=LAN/CN=eATM local" -keyout eATM.key -out eATM.csr
openssl x509 -req -CA ca.crt -CAkey ca.key -CAcreateserial -days 36500 -sha256 -extfile ip_dns_config.cnf -in eATM.csr -out eATM.crt

参考:https://blog.51cto.com/u_15354478/3758000

https://blog.acesheep.com/index.php/archives/1293/

9

发表回复取消回复

分类

代码/开发 (92)
- c# (1)
- C/C++/VC++ (44)
- esp32 (11)
- ImGui跨平台C++Gui库 (2)
- ios/mac开发 (9)
- mysql (1)
- python (1)
- Tampermonkey (1)
- ts/js (3)
- visual studio (4)
- wordpress (8)
- 其它语言 (5)
- 前端 (1)
- 安卓开发 (3)
- 编译开源库 (2)
操作系统 (83)
- ESXi/VMWare/Hyper-v/PVE (16)
- linux (29)
- MacOS (12)
- openwrt (25)
- windows (18)
3d打印机 (2)
- 模型 (1)
软件工具 (10)
小视频 (6)
其它 (57)
- chatgpt (1)
- 图纸 (1)
- 硬件信息 (1)
- bot (1)
- 科普 (1)
- 疑难杂症 (17)
- 重复的工作 (2)
- 重生之路 (1)
- 收藏 (6)
- 政策法规 (1)
- 未分类 (26)