1. 生成 CA 证书 ca.crt 和 CA 私钥 ca.key
# Create a new 2048-bit RSA key (ca.key) and a self-signed X.509 certificate
# (ca.crt) valid for 365 days, in one step.
# -nodes writes ca.key without passphrase encryption: anyone who can read the
# file can sign certificates with this key, so keep it access-restricted.
openssl req -x509 -newkey rsa:2048 -nodes \
  -days 365 \
  -subj "/C=CN/ST=SiChuan/O=f.org/OU=dev/CN=abc" \
  -keyout ca.key \
  -out ca.crt
2.创建rsa pub/private key pair
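# Generate a 2048-bit RSA key. server.key holds the complete pair (the private
# key plus the public components), so it is the file that must stay secret.
openssl genrsa -out server.key 2048
# Restrict the private key to its owner regardless of the current umask.
chmod 600 server.key
# Export only the public half; server_pub.key contains no private material.
openssl rsa -in server.key -pubout -out server_pub.key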
3.创建csr(certificate sign request)
# Build a certificate signing request (server.csr) for the key in server.key.
# The subject is the same DN that the CA certificate uses (CN=abc).
# No subjectAltName is requested on this command line.
# NOTE(review): clients that match hostnames against SAN will need one; confirm.
openssl req -new \
  -key server.key \
  -subj "/C=CN/ST=SiChuan/O=f.org/OU=dev/CN=abc" \
  -out server.csr
4. 用 server.key 自签名生成 cert(-signkey 为自签名,未使用第 1 步生成的 CA)
# Turn server.csr into server.crt (SHA-256 digest, valid 365 days).
# -signkey signs with server.key itself, so the result is self-signed;
# ca.crt / ca.key are not involved in this command.
# To have the CA issue the certificate instead, replace "-signkey server.key"
# with "-CA ca.crt -CAkey ca.key -CAcreateserial", and give the server a subject
# DN that differs from the CA's (both currently use CN=abc).
openssl x509 -req \
  -in server.csr \
  -signkey server.key \
  -sha256 -days 365 \
  -out server.crt
获取WEB服务器 cert
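# Save the leaf certificate that a TLS server presents, as PEM.
# Requires web_ip, port and servername to be set; ${var:?} stops the command
# instead of connecting to ":" or writing "./.cert" when one is empty.
# Expansions are quoted so the values cannot be word-split or globbed.
# stdin comes from /dev/null so s_client exits once the handshake is done.
# s_client does not abort on a failed chain verification by default, so the
# saved file is only what the peer sent. Before trusting or pinning it, compare
# its fingerprint with one obtained from a trusted source, e.g.
#   openssl x509 -noout -fingerprint -sha256 -in "./${servername}.cert"
openssl s_client -connect "${web_ip:?}:${port:?}" -servername "${servername:?}" </dev/null \
  | openssl x509 >"./${servername}.cert"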
参考:
https://www.markjour.com/article/20201217-openssl-generate-x509.html
https://knowledge.broadcom.com/external/article/166370/how-to-create-a-selfsigned-ssl-certifica.html