Issuing a private certificate with OpenSSL: the workflow

  1. Generate a private key
openssl genrsa -out server.key 2048

  2. Generate the public key
openssl rsa -in server.key -pubout -out server_public.pem

  3. Generate a certificate signing request (CSR) signed with the private key
openssl req -new -sha256 -key server.key -out server.csr

Fill in the following fields:
----
Country Name (2 letter code) []:cn
State or Province Name (full name) []:shanxi
Locality Name (eg, city) []:xian
Organization Name (eg, company) []:zwshaoO
Organizational Unit Name (eg, section) []:zwshaoO1
Common Name (eg, fully qualified host name) []:*.zwshao.com
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:loveyou1314
  4. Inspect the details of the CSR file
openssl req -in server.csr -noout -text

Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=cn, ST=shanxi, L=xian, O=zwshaoO, OU=zwshaoO1, CN=*.zwshao.com/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                ........
  5. Issue a digitally signed certificate for the CSR
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.pem

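Here server.key serves as the certificate authority's key, and server.pem is the resulting certificate. Because -signkey signs the request with the same key that created it, the certificate is self-signed.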
  6. Inspect the certificate details
openssl x509 -in server.pem -noout -text

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 13197631931272604841 (0xb727685143db2ca9)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=cn, ST=shanxi, L=xian, O=zwshaoO, OU=zwshaoO1, CN=*.zwshao.com/[email protected]
        Validity
            Not Before: May  3 04:40:08 2020 GMT
            Not After : May  3 04:40:08 2021 GMT
        Subject: C=cn, ST=shanxi, L=xian, O=zwshaoO, OU=zwshaoO1, CN=*.zwshao.com/[email protected]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
.........

With the steps above complete, we have issued a digital certificate to ourselves.
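
The certificate printed in step 6 is Version 1 and signed with sha1WithRSAEncryption, because the signing command in step 5 does not name a digest or add extensions. The script below is an added example, not part of the original post: it runs the same flow non-interactively, requests SHA-256 and a subjectAltName, and then checks the result. The function names, the directory argument and the name *.example.test are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the six steps above as one function, plus checks on the result.
# Function names, file layout and *.example.test are constructed placeholders.

issue_self_signed() {
    dir=$1
    cn=$2
    key="$dir/server.key"; csr="$dir/server.csr"; crt="$dir/server.pem"

    # Private key: create it with owner-only permissions from the start.
    ( umask 077 && openssl genrsa -out "$key" 2048 2>/dev/null ) || return 1

    # CSR: -subj replaces the interactive prompts; no challenge password is set,
    # since that attribute would be stored in the CSR in clear text.
    openssl req -new -sha256 -key "$key" -subj "/C=CN/O=Example/CN=$cn" \
        -out "$csr" || return 1

    # Clients match host names against subjectAltName, so supply it through an
    # extension file (this also makes the result an X.509 v3 certificate).
    printf 'subjectAltName=DNS:%s\n' "$cn" > "$dir/ext.cnf"

    # Self-sign: pass -sha256 explicitly instead of relying on the default digest.
    openssl x509 -req -sha256 -days 365 -in "$csr" -signkey "$key" \
        -extfile "$dir/ext.cnf" -out "$crt" 2>/dev/null || return 1

    check_cert "$key" "$crt"
}

check_cert() {
    key=$1; crt=$2
    text=$(openssl x509 -in "$crt" -noout -text) || return 1

    # 1. The signature must use SHA-256, not SHA-1.
    printf '%s\n' "$text" |
        grep -q 'Signature Algorithm: sha256WithRSAEncryption' || return 2

    # 2. The certificate must carry the public half of our private key.
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout)" ] || return 3

    # 3. Self-signed means issuer and subject are the same name.
    [ "$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer=//')" = \
      "$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject=//')" ] || return 4

    # 4. The subjectAltName extension is present.
    printf '%s\n' "$text" | grep -q 'DNS:' || return 5
}
```

Call it as issue_self_signed "$(mktemp -d)" '*.example.test'; a non-zero return code from check_cert identifies which check failed.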
