1.安装openssl
对于centos直接安装
yum install openssl openssl-devel2.生成证书
一、生成CA证书私钥
openssl genrsa -aes128 -passout pass:20230421 -out ca_private.key 2048生成CA证书请求文件
openssl req -new -key ca_private.key -passin pass:20230421 -out ca_req.csr -days 7300openssl req -text -in ca_req.csr -noout生成CA根证书
openssl x509 -req -in ca_req.csr -signkey ca_private.key -out ca_root.crt -days 7300 -passin pass:20230421二、生成服务端的证书私钥
openssl genrsa -aes128 -passout pass:20230421 -out appServer_private.key 2048去除密码。 在加载SSL支持的Nginx并使用上述私钥时除去必须的口令,否则会在启动nginx的时候需要输入密码。 复制appServer_private.key并重命名为appServer_private.key.org openssl rsa -in appServer_private.key.org -out appServer_private.key 生成服务器公钥
openssl rsa -in appServer_private.key -pubout -out appServer_public.pem生成服务端的待签名证书
openssl req -new -key appServer_private.key -passin pass:20230421 -out appServer_req.csr -days 365使用CA根证书对服务端证书签名
openssl x509 -req -in appServer_req.csr -days 365 -CAkey ca_private.key -CA ca_root.crt -CAcreateserial -out appServer.crt二、生成客户端的证书私钥
openssl genrsa -aes128 -passout pass:20230421 -out appClient_private.key 2048openssl rsa -in appClient_private.key -pubout -out appClient_public.pemopenssl rsa -in appClient_private.key.org -out appClient_private.keyopenssl req -new -key appClient_private.key -out appClient.csropenssl x509 -req -CA ca_root.crt -CAkey ca_private.key -CAcreateserial -in appClient.csr -out appClient.crt