/etc/pki/CA/

(umask 077;openssl genrsa -out private/cakey.pem 2048)

../tls/openssl.cnf

生成CA证书

openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3655


客户端

openssl genrsa 1024 -out http.key

openssl req -new -key http.key -out http.csr

CA

openssl ca -in http.csr -out http.crt -days 3650


httpd-ssl-conf

AddType application/x-x509-ca-cert .crt

AddType application/x-pkcs7-crl   .crl