Self-signed certificates with openssl
<p>Generate a certificate that covers multiple domain names and multiple IP addresses.
References:</p>
<ul>
<li><a href="https://ningyu1.github.io/site/post/51-ssl-cert/">https://ningyu1.github.io/site/post/51-ssl-cert/</a></li>
<li><a href="https://blog.csdn.net/u013066244/article/details/78725842?depth_1-utm_source=distribute.pc_relevant.none-task&utm_source=distribute.pc_relevant.none-task">https://blog.csdn.net/u013066244/article/details/78725842?depth_1-utm_source=distribute.pc_relevant.none-task&utm_source=distribute.pc_relevant.none-task</a></li>
<li><a href="https://blog.csdn.net/weixin_42534940/article/details/90745452#4.%20%E9%85%8D%E7%BD%AE%20nginx">https://blog.csdn.net/weixin_42534940/article/details/90745452#4.%20%E9%85%8D%E7%BD%AE%20nginx</a></li>
</ul>
<p>1. Prepare openssl.cnf</p>
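<pre><code>[req]
distinguished_name = req_distinguished_name
# req_extensions only applies to certificate requests (CSRs)
req_extensions = v3_req
# x509_extensions is the section read when "openssl req -x509" creates the certificate itself
x509_extensions = v3_req
[req_distinguished_name]
# With prompting enabled (the default), each value here is the prompt text, not the field's value
countryName = CN
stateOrProvinceName = BJ
localityName = HaiDian
organizationName = xml
organizationalUnitName = xml
commonName = xml
commonName_max = 64
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = nwfd.nmc.cn
IP.1 = 47.92.82.29
IP.2 = 192.168.50.59
IP.3 = 10.28.21.103</code></pre>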
<p>2. Generate the private key file frame.key</p>
<pre><code class="language-shell"># openssl genrsa -out frame.key 2048</code></pre>
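<p>3. Generate the self-signed certificate frame.crt, valid for 100 years.
The configuration file already contains the country name, organization name and so on, but you still have to type in at least one value; if you just press Enter all the way through, the command fails with an error at the end. The reason is that in a prompting configuration the values under [req_distinguished_name] are used as the prompt text (note the prompts <code>CN []:</code> and <code>BJ []:</code> below), so none of them reaches the subject unless it is typed in.
<a href="https://superuser.com/questions/512673/openssl-how-to-create-a-certificate-with-an-empty-subject-dn/918544#918544">https://superuser.com/questions/512673/openssl-how-to-create-a-certificate-with-an-empty-subject-dn/918544#918544</a></p>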
<pre><code class="language-shell"># openssl req -new -x509 -key frame.key -out frame.crt -days 36500 -config openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
CN []:
BJ []:
HaiDian []:
xml []:
xml []:
xml []:
error, no objects specified in config file
problems making Certificate Request
# openssl req -new -x509 -key frame.key -out frame.crt -days 36500 -config openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
CN []:CN
BJ []:
HaiDian []:
xml []:
xml []:
xml []:
#</code></pre>
<ul>
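<li>In reference link 1, the third method, which generates the private key and the signed certificate files in a single command, asks for a pass phrase; pressing Enter without typing one causes an error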
<pre><code class="language-shell"># openssl req -new -x509 -keyout frame.key -out frame.crt -days 36500 -config openssl.cnf
Generating a RSA private key
............+++++
.....+++++
writing new private key to 'frame.key'
Enter PEM pass phrase:
139800574397768:error:28078065:UI routines:UI_set_result_ex:result too small:crypto/ui/ui_lib.c:903:You must type in 4 to 1023 characters
139800574397768:error:2807106B:UI routines:UI_process:processing error:crypto/ui/ui_lib.c:543:while reading strings
139800574397768:error:0906406D:PEM routines:PEM_def_callback:problems getting password:crypto/pem/pem_lib.c:59:
139800574397768:error:0907E06F:PEM routines:do_pk8pkey:read key:crypto/pem/pem_pk8.c:83:</code></pre></li>
</ul>
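<p>Added example, not part of the original post: a non-interactive version of steps 1 to 3 that also checks the result, since <code>openssl req -x509</code> takes certificate extensions from <code>x509_extensions</code> rather than <code>req_extensions</code>. The helper names <code>make_cert</code> and <code>cert_has_san</code> and the <code>prompt = no</code> setting are assumptions of this example; the DN and SAN values are the ones from step 1.</p>

```shell
# Added example (not from the original page). make_cert and cert_has_san are
# hypothetical helper names; the DN and SAN values are the ones used above.

# make_cert DIR EXT_KEY: write a non-interactive config into DIR and create
# frame.key / frame.crt. EXT_KEY is the [req] key that points at [v3_req]:
# "x509_extensions" (read when -x509 is used) or "req_extensions" (CSR only).
make_cert() {
    cat > "$1/openssl.cnf" <<EOF
[req]
prompt = no
distinguished_name = req_distinguished_name
$2 = v3_req
[req_distinguished_name]
countryName = CN
stateOrProvinceName = BJ
localityName = HaiDian
organizationName = xml
organizationalUnitName = xml
commonName = xml
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = nwfd.nmc.cn
IP.1 = 47.92.82.29
IP.2 = 192.168.50.59
IP.3 = 10.28.21.103
EOF
    openssl genrsa -out "$1/frame.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/frame.key" -out "$1/frame.crt" \
        -days 36500 -config "$1/openssl.cnf"
}

# cert_has_san CERT ENTRY: succeed only if the SAN extension lists ENTRY,
# e.g. "DNS:nwfd.nmc.cn" or "IP Address:10.28.21.103".
cert_has_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | grep -qF "$2"
}

# Demo: wire the same [v3_req] section up both ways and compare.
tmp=$(mktemp -d)
for key in req_extensions x509_extensions; do
    make_cert "$tmp" "$key" || break
    cert_has_san "$tmp/frame.crt" "IP Address:10.28.21.103" &&
        echo "$key: SAN present" || echo "$key: SAN missing"
done
rm -rf "$tmp"
```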