自签CA证书和签发证书

生成CA根证书

openssl genrsa -des3 -out myCA.key 2048    #www
openssl req -x509 -new -key myCA.key -sha256 -days 36000 -out myCA.pem 

生成服务私钥和证书请求

openssl genrsa -out www.xyz.key 2048
openssl req -new -key www.xyz.key -out www.xyz.csr

签发证书

openssl x509 -req -in www.xyz.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial \
-out www.xyz.crt -days 36000 -sha256

查看证书

openssl rsa -noout -text -in www.xyz.key     #查看私钥
openssl req -noout -text -in www.xyz.csr      #查看证书请求文件
openssl x509 -noout -text -in www.xyz.crt     #查看CA证书

服务器导入CA证书

yum install -y ca-certificates
cp myCA.pem /usr/local/share/ca-certificates/myCA.crt
update-ca-certificates