openssl生成ca证书

发布于:2024-11-29 ⋅ 阅读:(39) ⋅ 点赞:(0)

常见CA文件夹
1、生成CA钥匙
openssl genrsa -out ./private/cakey.pem
2、生成CA自签名
openssl req -new -x509 -key ./private/cakey.pem -out ./cacert.crt -days 3650

3、生成http服务器私钥
openssl genrsa -out ./data/frontt.project.com.key 2048

4、CA给http服务器签生成 证书申请文件
openssl req -new -key ./data/frontt.project.com.key -out ./certs/frontt.project.com.csr

5、CA生成服务器的签名证书
openssl ca -in ./certs/frontt.project.com.csr -cert ./cacert.crt -keyfile ./private/cakey.pem -out ./certs/frontt.project.com.crt -days 3650


方法二:
openssl version -a
#生成公共/私人秘钥对
1、openssl genpkey -out passwork.key 2048
#输入秘钥对生成公钥
2.openssl rsa -in passwork.key -pubout -out passwork_public.key
#输入秘钥签生证书申请文件
3.openssl req -new -key passwork.key -out passwork.csr
#
4.openssl req -text -in passwork.csr -noout -verify
5.openssl x509 -in passwork.csr -out passwork.crt -req -signkey passwork.key -days 3650

Organization Name:Passwork
Organization Unit Name:.
Common Name:*.passwork.com

openssl req -newkey rsa:2048 -nodes -keyout frontt.project.com.key -x509 -days 3650 -out frontt.project.com.crt


三:
openssl req -new -newkey rsa:4096 -nodes -keyout key.pem -out cert.csr
openssl x509 -req -sha256 -days 3650 -in cert.csr -signkey key.pem -out cert.pem
chmod 600 cert.csr
chmod 600 cert.pem
chmod 600 key.pem