1、下载OpenSSL
如果证书需要用在IIS上面 建议安装1.1.1,不然导入证书会出现网络密码错误
2、安装完毕后添加环境变量
C:\Program Files\OpenSSL-Win64\bin
3、查看OpenSSL版本号
D:\cert>openssl version
OpenSSL 1.1.1s 1 Nov 2022
4、比如想要生成的证书,放在 D 盘 cert 文件夹下,先 CD
到目录
C:\Users\ran>D:
D:\>cd D:\cert
D:\cert>
5、生成密钥,生成自签名证书
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 3650 -subj "/C=CN/CN=ioufev.com" -out cert.crt
输出的密钥:key.pem
输出的证书:cert.crt
证明的信息:/C=CN/CN=ioufev.com
最简单的证明信息要有
C=CN,表示中国
CN=ioufev.com,证书绑定域名:ioufev.com
6、将密钥和证书合并成一个 pfx 文件,并输入文件保护密码:12345678
输入的密钥:key.pem
输入的证书:cert.crt
输出的 pfx 证书:test.pfx
输出证书的名字:test,不加 -name test
的话,默认名字是 1
详细操作流程
C:\Users\ran>D:
D:\>cd D:\cert
D:\cert>openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 3650 -subj "/C=CN/CN=ioufev.com" -out cert.crt
...................+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+..+......+...+....+.....+.+.....+......+...+.+.....................+...+...+..+......+.+..............+......+.+.........+...+......+..+...+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+...+..+.+...+..+.......+......+......+........+.+..+............+.............+...+......+........+...+....+.....+.+..................+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+...+......+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
D:\cert>openssl pkcs12 -export -in cert.crt -inkey key.pem -out test.pfx -name test
Enter Export Password:
Verifying - Enter Export Password:
D:\cert>
-----
D:\cert>openssl pkcs12 -export -in cert.crt -inkey key.pem -out test.pfx -name test
Enter Export Password:
Verifying - Enter Export Password:
D:\cert>