Software Development Experience Notes


Self-signed certificates with OpenSSL

<p>Generating a certificate that covers multiple domain names and multiple IPs. References:</p>
<ul>
<li><a href="https://ningyu1.github.io/site/post/51-ssl-cert/">https://ningyu1.github.io/site/post/51-ssl-cert/</a></li>
<li><a href="https://blog.csdn.net/u013066244/article/details/78725842?depth_1-utm_source=distribute.pc_relevant.none-task&utm_source=distribute.pc_relevant.none-task">https://blog.csdn.net/u013066244/article/details/78725842?depth_1-utm_source=distribute.pc_relevant.none-task&utm_source=distribute.pc_relevant.none-task</a></li>
<li><a href="https://blog.csdn.net/weixin_42534940/article/details/90745452#4.%20%E9%85%8D%E7%BD%AE%20nginx">https://blog.csdn.net/weixin_42534940/article/details/90745452#4.%20%E9%85%8D%E7%BD%AE%20nginx</a></li>
</ul>
<p>1. Prepare openssl.cnf</p>
<pre><code>[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
# "openssl req -x509" reads its extensions from x509_extensions;
# req_extensions only applies to certificate requests (CSRs).
x509_extensions = v3_req

[req_distinguished_name]
countryName = CN
stateOrProvinceName = BJ
localityName = HaiDian
organizationName = xml
organizationalUnitName = xml
commonName = xml
commonName_max = 64

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = nwfd.nmc.cn
IP.1 = 47.92.82.29
IP.2 = 192.168.50.59
IP.3 = 10.28.21.103</code></pre>
<p>2. Generate the private key file frame.key</p>
<pre><code class="language-shell"># openssl genrsa -out frame.key 2048</code></pre>
<p>3. Generate the self-signed certificate frame.crt, valid for 100 years. The configuration file already contains the country name and organization name, but you still have to enter at least one value at the prompts; if you just press Enter all the way through, the command fails at the end with an error. The reason is that, in a prompting <code>[req_distinguished_name]</code> section, the value of a field such as <code>countryName</code> is used as the prompt text rather than as the field value (defaults are set with keys such as <code>countryName_default</code>), which is why the prompts below read <code>CN []:</code>. <a href="https://superuser.com/questions/512673/openssl-how-to-create-a-certificate-with-an-empty-subject-dn/918544#918544">https://superuser.com/questions/512673/openssl-how-to-create-a-certificate-with-an-empty-subject-dn/918544#918544</a></p>
<pre><code class="language-shell"># openssl req -new -x509 -key frame.key -out frame.crt -days 36500 -config openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
CN []:
BJ []:
HaiDian []:
xml []:
xml []:
xml []:
error, no objects specified in config file
problems making Certificate Request
# openssl req -new -x509 -key frame.key -out frame.crt -days 36500 -config openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
CN []:CN
BJ []:
HaiDian []:
xml []:
xml []:
xml []:
#</code></pre>
<ul>
<li>The third method in reference link 1, which generates the private key and the certificate files directly in one command, asks for a passphrase; pressing Enter without typing one produces an error.
<pre><code class="language-shell"># openssl req -new -x509 -keyout frame.key -out frame.crt -days 36500 -config openssl.cnf
Generating a RSA private key
............+++++
.....+++++
writing new private key to 'frame.key'
Enter PEM pass phrase:
139800574397768:error:28078065:UI routines:UI_set_result_ex:result too small:crypto/ui/ui_lib.c:903:You must type in 4 to 1023 characters
139800574397768:error:2807106B:UI routines:UI_process:processing error:crypto/ui/ui_lib.c:543:while reading strings
139800574397768:error:0906406D:PEM routines:PEM_def_callback:problems getting password:crypto/pem/pem_lib.c:59:
139800574397768:error:0907E06F:PEM routines:do_pk8pkey:read key:crypto/pem/pem_pk8.c:83:</code></pre></li>
</ul>
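<p>Added example (not part of the original post): a non-interactive version of steps 1 to 3 that avoids both errors shown above and then checks that the SAN entries actually reached the certificate. It sets <code>prompt = no</code> so the DN is read from the file, points <code>x509_extensions</code> at the SAN section, and passes <code>-nodes</code> so no passphrase is requested; the function names <code>make_frame_cert</code> and <code>cert_sans</code> and the output directory argument are assumptions.</p>

```shell
#!/bin/sh
# Added example, not from the original post. DN and SAN values are the ones in
# the post's openssl.cnf; function names and the directory argument are assumed.

make_frame_cert() {
    dir="$1"
    mkdir -p "$dir" || return 1
    cat > "$dir/openssl.cnf" <<'EOF'
[req]
# prompt = no: take the DN values below literally instead of asking for them
prompt             = no
distinguished_name = req_distinguished_name
# x509_extensions is the section "req -x509" applies to the certificate
x509_extensions    = v3_req

[req_distinguished_name]
countryName            = CN
stateOrProvinceName    = BJ
localityName           = HaiDian
organizationName       = xml
organizationalUnitName = xml
commonName             = xml

[v3_req]
basicConstraints = CA:FALSE
keyUsage         = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName   = @alt_names

[alt_names]
DNS.1 = nwfd.nmc.cn
IP.1  = 47.92.82.29
IP.2  = 192.168.50.59
IP.3  = 10.28.21.103
EOF
    # -nodes writes the key unencrypted, so there is no "Enter PEM pass phrase"
    # prompt; umask 077 keeps the key file readable by its owner only.
    ( umask 077
      openssl req -new -x509 -nodes -newkey rsa:2048 \
          -keyout "$dir/frame.key" -out "$dir/frame.crt" \
          -days 36500 -config "$dir/openssl.cnf" ) || return 1
}

# Print the SAN entries of a certificate, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//'
}
```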
