1.创建CA证书:
1.1创建CA证书目录ca,并进入ca
$ mkdir ca
$ cd ca
1.2创建CA证书私钥
$ openssl genrsa -aes256 -out ca.key 2048
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
输入两次密码后,在ca目录下生成了私钥文件ca.key
1.3生成CSR
$ openssl req -new -sha256 -key ca.key -out ca.csr -subj "/C=CN/ST=SH/L=SH/O=XXX/OU=YYY/CN=CA/emailAddress=ca@ca.com"
输入私钥的密码后,在ca目录下生成了csr文件ca.csr
参数说明:
C-----国家(Country Name)
ST----省份(State or Province Name)
L----城市(Locality Name)
O----公司(Organization Name)
OU----部门(Organizational Unit Name)
CN----产品名(Common Name)
emailAddress----邮箱(Email Address)
1.4自签名ca证书