下载执行文件
本文操作平台为 Windows，安装 TortoiseGit 后，在其 Git Bash 中执行 openssl。
0x1 CA 根证书，生成 ca.crt
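# CA private key. Generate ONE of the two: run in sequence, the ecparam line
# silently overwrites the RSA key that genrsa just wrote to ca.pem.
openssl genrsa -out ca.pem 2048
# EC alternative (P-384) - use it INSTEAD of genrsa, not in addition to it:
# openssl ecparam -genkey -name secp384r1 -out ca.pem
# Self-signed CA certificate, valid 10 years. "-key ca.pem" supplies the key, so
# "-newkey rsa:2048" was ignored by openssl and has been dropped. "-sha256" makes
# the signature digest explicit. Certificate extensions (CA:TRUE, keyCertSign)
# come from an x509_extensions entry in conf/ca.cnf; req_extensions does not
# apply to "req -x509".
openssl req -config conf/ca.cnf -x509 -sha256 -days 3650 -key ca.pem -out ca.crt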
conf/ca.cnf
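# conf/ca.cnf - read by "openssl req -x509" to produce the self-signed CA
# certificate (ca.crt). Comment character for OpenSSL config files is "#".
[req]
# "req -x509" takes the certificate's extensions from x509_extensions; the
# req_extensions section only populates a CSR. Without this entry the CA
# certificate may carry no basicConstraints/keyUsage at all, depending on the
# OpenSSL release, and some verifiers will then refuse to treat it as a CA.
x509_extensions = v3_ca
req_extensions = v3_req
distinguished_name = req_distinguished_name
# Take the DN from this file instead of prompting.
prompt = no

[req_distinguished_name]
countryName = CN
stateOrProvinceName = Beijing
localityName = Beijing
postalCode = 100022
streetAddress = GuoMaoSanQi
organizationName = apfelboymschule
# The only field this example changes between ca.cnf / server.cnf / client.cnf.
organizationalUnitName = Support_CA
emailAddress = http.bj@qq.com
# "0." prefix is the OpenSSL config syntax for a possibly repeated field.
# NOTE(review): a CA would normally get a CN distinct from the leaf certificates.
0.commonName = localhost

# Extensions for the CA certificate itself.
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash

# Only used when this file drives a plain CSR (no -x509); kept for consistency
# with server.cnf and client.cnf.
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth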
0x2 server 服务端生成 server.key、server.crt（此处添加了 extfile.cnf）
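# Server private key. Generate ONE of the two: run in sequence, the ecparam
# line overwrites the RSA key that genrsa just wrote to server.key.
openssl genrsa -out server.key 2048
# EC alternative (P-384) - use it INSTEAD of genrsa, not in addition to it:
# openssl ecparam -genkey -name secp384r1 -out server.key
# CSR. The v3_req section of conf/server.cnf is written into the CSR only.
openssl req -config conf/server.cnf -new -sha256 -key server.key -out server_reqout.txt
# Sign with the CA. "-sha1" replaced by "-sha256": SHA-1 certificate signatures
# are rejected by current browsers and TLS libraries. "openssl x509 -req" does
# not copy the CSR's extensions by default, so server.crt receives only what
# conf/extfile.cnf lists - in particular the subjectAltName that clients match
# the requested host/IP against.
openssl x509 -req -in server_reqout.txt -days 3650 -sha256 -CAcreateserial -CA ca.crt -CAkey ca.pem -out server.crt -extfile conf/extfile.cnf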
conf/extfile.cnf
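# conf/extfile.cnf - passed via "openssl x509 -req -extfile". Because x509 -req
# does not copy CSR extensions by default, these are the ONLY extensions that
# end up in server.crt.
# SAN is what TLS clients validate the host/IP against; the CN alone is no
# longer accepted for hostname matching by modern clients.
subjectAltName = @alt_names
# Leaf certificate: must not be usable to sign further certificates.
basicConstraints = CA:FALSE
# Restrict the certificate to TLS server authentication.
extendedKeyUsage = serverAuth

[alt_names]
IP.1 = 127.0.0.1
IP.2 = 192.168.10.51
DNS.1 = localhost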
conf/server.cnf
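# conf/server.cnf - read by "openssl req -new" to build the server CSR.
[req]
# Extensions placed into the CSR. They reach server.crt only if the signing
# step references them (-extfile/-extensions or -copy_extensions); with the
# commands in this example, conf/extfile.cnf is what actually gets applied.
req_extensions = v3_req
distinguished_name = req_distinguished_name
# Take the DN from this file instead of prompting.
prompt = no

[req_distinguished_name]
countryName = CN
stateOrProvinceName = Beijing
localityName = Beijing
postalCode = 100022
streetAddress = GuoMaoSanQi
organizationName = apfelboymschule
# The only field this example changes between ca.cnf / server.cnf / client.cnf.
organizationalUnitName = Support_Server
emailAddress = http.bj@qq.com
# "0." prefix is the OpenSSL config syntax for a possibly repeated field.
0.commonName = localhost

[v3_req]
# TLS servers sign the handshake (ECDHE suites, all of TLS 1.3), so
# digitalSignature is required; keyEncipherment covers RSA key transport.
# dataEncipherment is not used by TLS and was dropped.
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth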
0x3 client 客户端生成 client.key、client.crt
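# Client private key. Generate ONE of the two: run in sequence, the ecparam
# line overwrites the RSA key that genrsa just wrote to client.key.
openssl genrsa -out client.key 2048
# EC alternative (P-384) - use it INSTEAD of genrsa, not in addition to it:
# openssl ecparam -genkey -name secp384r1 -out client.key
# CSR. The v3_req section of conf/client.cnf is written into the CSR only.
openssl req -config conf/client.cnf -new -sha256 -key client.key -out client_reqout.txt
# Sign with the CA. "-sha1" replaced by "-sha256" (SHA-1 signatures are rejected
# by current TLS stacks). "openssl x509 -req" does not copy CSR extensions by
# default, so without "-extfile ... -extensions v3_req" client.crt would carry
# no extensions at all and thus no clientAuth EKU; the section is taken from
# conf/client.cnf itself.
openssl x509 -req -in client_reqout.txt -days 3650 -sha256 -CAcreateserial -CA ca.crt -CAkey ca.pem -out client.crt -extfile conf/client.cnf -extensions v3_req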
conf/client.cnf
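# conf/client.cnf - read by "openssl req -new" to build the client CSR.
[req]
# Extensions placed into the CSR. They reach client.crt only if the signing
# step references them (-extfile conf/client.cnf -extensions v3_req, or
# -copy_extensions on newer OpenSSL).
req_extensions = v3_req
distinguished_name = req_distinguished_name
# Take the DN from this file instead of prompting.
prompt = no

[req_distinguished_name]
countryName = CN
stateOrProvinceName = Beijing
localityName = Beijing
postalCode = 100022
streetAddress = GuoMaoSanQi
organizationName = apfelboymschule
# The only field this example changes between ca.cnf / server.cnf / client.cnf.
# The stray backtick/quote characters around the original value were a
# rendering artefact; the value must be the bare string.
organizationalUnitName = Support_Client
emailAddress = http.bj@qq.com
# "0." prefix is the OpenSSL config syntax for a possibly repeated field.
0.commonName = localhost

[v3_req]
# A TLS client proves key possession by signing the CertificateVerify message,
# so digitalSignature is the usage that matters; the original
# keyEncipherment/dataEncipherment pair is not used for client authentication.
keyUsage = digitalSignature
extendedKeyUsage = clientAuth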
以上 ca.cnf、client.cnf、server.cnf 中的内容可以相同；在本示例中只是修改了 organizationalUnitName。