apt install -y openssl libssl-dev1、创建CA根证书
生成ca私钥
openssl genrsa -out ca.key 4096生成ca根证书
openssl req -x509 -new -nodes -key ca.key \
-sha256 -days 3650 -out ca.crt \
-subj "/C=CN/ST=BeiJing/L=Beijing/O=aolingo/OU=aolingo"2、生成服务器证书
生成服务器私钥
openssl genrsa -out server.key 2048生成CSR(证书请求)
openssl req -new -key server.key -out server.csr \
-subj "/C=CN/ST=Beijing/L=Beijing/O=aolingo/OU=aolingo/CN=192.168.88.16"3、如果需要支持IP/多域名(SAN)
创建文件san.conf,内容如下:
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[ dn ]
CN = 192.168.88.16
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
IP.1 = 192.168.88.16
IP.2 = 192.168.3.19
DNS.1 = wopi.local重新生成CSR
openssl req -new -key server.key -out server.csr -config san.conf4、用CA签发服务器证书
openssl x509 -req -in server.csr \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-out server.crt -days 825 -sha256 \
-extensions req_ext -extfile san.conf