碼上快樂

相關內容    簡體    繁體

生成自簽名CA+SSL證書

本文轉載自   查看原文   2018-05-04 11:51   2256    證書/ ssl/ ca

1、創建CA證書配置CA.cnf文件

[ req ]
distinguished_name  = req_distinguished_name
x509_extensions     = root_ca

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = CN
countryName_min                 = 2
countryName_max                 = 2
stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = HuBei
localityName                    = Locality Name (eg, city)
localityName_default            = WuHan
0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = Development CA
organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Development CA
commonName                      = Common Name (eg, fully qualified host name)
commonName_default              = Development CA Certification Authority
commonName_max                  = 64
emailAddress                    = Email Address
emailAddress_default            = CA@dev.com
emailAddress_max                = 64

[ root_ca ]
basicConstraints            = critical, CA:true
  

2. 創建ssl證書cert.cnf文件

distinguished_name  = req_distinguished_name

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = CN
countryName_min                 = 2
countryName_max                 = 2
stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = HuBei
localityName                    = Locality Name (eg, city)
localityName_default            = WuHan
0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = Development Server
organizationalUnitName          = Organizational Unit Name (eg, section)
organizationalUnitName_default  = Development Server
commonName                      = Common Name (eg, fully qualified host name)
commonName_default              = Development Server Certificate
commonName_max                  = 64
emailAddress                    = Email Address
emailAddress_default            = server@dev.com
emailAddress_max                = 64

 

3. 創建ssl證書subjectName描述文件cert.ext

subjectAltName = @alt_names
extendedKeyUsage = serverAuth

[alt_names]
DNS.1 = localhost
DNS.2 = 127.0.0.1

 

4. 創建CA+SSL證書

# 生成CA 證書
openssl req -x509 -newkey rsa:4096 -out CA.cer -outform PEM -keyout CA.pvk -days 3650 -verbose -config CA.cnf -nodes -sha256 

# 生成證書請求文件
openssl req -newkey rsa:4096 -keyout cert.pvk -out cert.req -config cert.cnf -sha256 -nodes

#生成證書
openssl x509 -req -CA CA.cer -CAkey CA.pvk -in cert.req -out cert.cer -days 3650 -extfile cert.ext -sha256 -set_serial 0x1111

 

將生成的CA.cer導入到系統受信任的根證書頒發機構中,cert證書配置到應用服務器,即可通過https訪問應用服務器

配置了subjectName后Chrome將不會再報 Subject Alternative Name Missing & ERR_SSL_VERSION_OR_CIPHER_MISMATCH 的錯誤


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 CA和SSL證書介紹 自簽名證書和CA證書的區別 一鍵生成ssl自簽名證書腳本 自己制作ssl證書:自己簽發免費ssl證書,為nginx生成自簽名ssl證書 openssl 自己制作ssl證書:自己簽發免費ssl證書,為nginx生成自簽名ssl證書 centos使用openssl生成自簽名SSL證書並配置到nginx 自簽名證書和私有CA簽名的證書的區別 創建自簽名證書 創建私有CA 證書類型 證書擴展名(轉) 在iOS上使用自簽名的SSL證書 nginx 配置自簽名的ssl證書 Nginx配置SSL自簽名證書
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM