OpenSSL自签CA证书签署服务器SSL证书完整流程

首先，在 http://slproweb.com/products/Win32OpenSSL.html 上下载已经编译好的OpenSSL库

然后通过如下步骤生成服务器证书：

1、生成根证书私钥：
openssl genrsa -out rootCA.key 4096

2、生成自签名根证书：
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt

3、生成server私钥：
openssl genrsa -out server.key 1024

4、根据subjectAltName.cnf生成server CSR:
openssl req -new -key server.key -out server.csr -config subjectAltName.cnf

5、查看生成的server CSR信息：
openssl req -noout -text -in server.csr

6、rootCA签署server CSR生成server CRT：
openssl x509 -req -days 500 -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -extensions req_ext -extfile subjectAltName.cnf

以下为subjectAltName.cnf文件内容，请根据实际情况对localhost.dev进行替换：

[ req ]
distinguished_name = req_distinguished_name
req_extensions     = req_ext

[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
countryName_default         = CN
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = China
localityName                = Locality Name (eg, city)
localityName_default        = Beijing
organizationName            = Organization Name (eg, company)
organizationName_default    = localhost.dev
organizationalUnitName            = Organizational Unit Name (eg, section)
organizationalUnitName_default    = localhost.dev
commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_max              = 64
commonName_default          = localhost.dev

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1   = localhost.dev
DNS.2   = *.localhost.dev

参考资料：
【HTTPS】使用OpenSSL生成带有SubjectAltName的自签名证书