使用openssl生成證書
openssl是目前最流行的SSL密碼庫工具,其提供了一個通用、健壯、功能完備的工具套件,用以支持SSL/TLS協議的實現。
比如生成到:/usr/local/ssl
生成命令
openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /usr/local/ssl/nginx.key -out /usr/local/ssl/nginx.crt
生成過程:
# openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /u sr/local/ssl/nginx.key -out /usr/local/ssl/nginx.crt
Generating a 2048 bit RSA private key
...............................................................................+ ++
...............+++
writing new private key to '/usr/local/ssl/nginx.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:xxxx
Organizational Unit Name (eg, section) []:xxxx
Common Name (eg, your name or your server's hostname) []:xxxx(一般是域名)
Email Address []:xxxx@xxxx.com
下面是上述命令相關字段含義:
Country ,單位所在國家,為兩位數的國家縮寫,如: CN 就是中國
State/Province ,單位所在州或省
Locality ,單位所在城市 / 或縣區
Organization ,此網站的單位名稱;
Organization Unit,下屬部門名稱;也常常用於顯示其他證書相關信息,如證書類型,證書產品名稱或身份驗證類型或驗證內容等;
Common Name ,網站的域名;
Email Address ,郵箱地址
生成結果
在/usr/local/ssl目錄下會生成nginx.crt和nginx.key文件