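- Download and install OpenSSL
  - Download the OpenSSL certificate software; download address:
  - Extract the archive and install the software
  - Add the installation directory to the system environment variables
- Create the client certificate configuration file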
Create a text file named client.cnf with the following content:

```ini
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = root_ca

[ req_distinguished_name ]
# The following values can be filled in freely
countryName = CN (2 letter code)
countryName_min = 2
countryName_max = 2
stateOrProvinceName = beijing
localityName = beijing
0.organizationName = anxin
organizationalUnitName = technology
commonName = anxin
commonName_max = 64
emailAddress = concat@anxin.com
emailAddress_max = 64

[ root_ca ]
basicConstraints = critical, CA:true
```
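- Create the server certificate extension file server.ext

```ini
subjectAltName = @anxin
extendedKeyUsage = serverAuth

[anxin]
# Domain name; for multiple names add DNS.2, DNS.3, …
DNS.1 =
# IP address
IP.1 = 192.168.137.1
```

- Generate the certificates

Open cmd as administrator, change to the folder that contains the certificate configuration files above, and run:

```bat
rem Create the self-signed CA certificate (client.cer) and its private key (client.pvk).
rem -nodes writes the private key without a passphrase.
openssl req -x509 -newkey rsa:2048 -out client.cer -outform PEM -keyout client.pvk -days 10000 -verbose -config client.cnf -nodes -sha256 -subj "/CN=anxin CA"
rem Create the server private key (server.pvk) and the certificate signing request (server.req).
openssl req -newkey rsa:2048 -keyout server.pvk -out server.req -subj /CN=192.168.137.1 -sha256 -nodes
rem Sign the request with the CA and apply the extensions from server.ext.
openssl x509 -req -CA client.cer -CAkey client.pvk -in server.req -out server.cer -days 10000 -extfile server.ext -sha256 -set_serial 0x1111
```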
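An added example (not part of the original page) that rebuilds the CA and server certificate in a scratch directory with the commands above and then checks the result: the server certificate must chain to `client.cer`, carry the IP address in subjectAltName, have the serverAuth extended key usage, and not be marked as a CA. The function names `make_certs` and `check_server_cert`, the trimmed `client.cnf`, and the extra `-config` on the CSR step are assumptions of this example; it is written for a POSIX shell, and the `openssl` calls themselves are the ones typed into cmd.

```shell
#!/bin/sh
# Added example: rebuild the page's CA and server certificate in a scratch
# directory, then check that the server certificate is usable.

make_certs() {  # $1 = output directory (hypothetical helper)
    cat > "$1/client.cnf" <<'EOF'
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = root_ca
[ req_distinguished_name ]
commonName = anxin
[ root_ca ]
basicConstraints = critical, CA:true
EOF
    cat > "$1/server.ext" <<'EOF'
subjectAltName = @anxin
extendedKeyUsage = serverAuth
[anxin]
IP.1 = 192.168.137.1
EOF
    # Same three commands as the page; the CSR step also gets -config so it
    # does not depend on a system-wide openssl.cnf (assumption of this example).
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -out client.cer -outform PEM \
          -keyout client.pvk -days 10000 -config client.cnf -nodes -sha256 \
          -subj "/CN=anxin CA" &&
      openssl req -newkey rsa:2048 -keyout server.pvk -out server.req \
          -subj /CN=192.168.137.1 -sha256 -nodes -config client.cnf &&
      openssl x509 -req -CA client.cer -CAkey client.pvk -in server.req \
          -out server.cer -days 10000 -extfile server.ext -sha256 \
          -set_serial 0x1111 ) >/dev/null 2>&1
}

check_server_cert() {  # $1 = CA cert, $2 = server cert, $3 = expected IP SAN
    text=$(openssl x509 -in "$2" -noout -text) || return 1
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "FAIL: does not chain to $1"; return 1; }
    printf '%s\n' "$text" | tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -Fxq "IP Address:$3" || { echo "FAIL: SAN lacks IP $3"; return 1; }
    printf '%s\n' "$text" | grep -Fq "TLS Web Server Authentication" ||
        { echo "FAIL: extendedKeyUsage lacks serverAuth"; return 1; }
    if printf '%s\n' "$text" | grep -Fq "CA:TRUE"; then
        echo "FAIL: leaf certificate is marked as a CA"; return 1
    fi
    echo "OK: $2"
}

scratch=$(mktemp -d) && make_certs "$scratch" &&
    check_server_cert "$scratch/client.cer" "$scratch/server.cer" 192.168.137.1
```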



