ip 自签证书

一、创建私钥

[root@shuaishuai ~]# openssl genrsa -out ca.key 2048

示例：

注：此时目录下会生成一个 ca.key 文件

二、创建公钥

[root@shuaishuai ~]# openssl req -new -x509 -days 208 -key ca.key -out ca.crt

示例：

注：此时目录下会生成一个 ca.crt 文件

三、生成密钥对

1.先准备两个文件，分别是openssl.cnf 和 v3.ext

[root@shuaishuai ~]# vim openssl.cnf

openssl.cnf 内容如下:

[req]

distinguished_name = req_distinguished_name

req_extensions = v3_req

[req_distinguished_name]

countryName = Country Name (2 letter code)

countryName_default = US

stateOrProvinceName = State or Province Name (full name)

stateOrProvinceName_default = NY

localityName = Locality Name (eg, city)

localityName_default = NYC

organizationalUnitName = Organizational Unit Name (eg, section)

organizationalUnitName_default = xxx

commonName = xxx

commonName_max = 64

[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:TRUE

keyUsage = nonRepudiation, digitalSignature, keyEncipherment

subjectAltName = @alt_names

[alt_names]

IP.1 = 192.168.1.145

IP.2 = 192.168.1.140

[root@shuaishuai ~]# vim v3.ext

v3.ext 内容如下：

authorityKeyIdentifier=keyid,issuer

basicConstraints=CA:FALSE

keyUsage=digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment

subjectAltName=@alt_names

[alt_names]

IP.1 = 192.168.0.145

IP.2 = 192.168.1.140

注意：以上两个文件是相关联的

四、 生成服务器证书

1.生成私钥

[root@shuaishuai ~]# openssl genrsa -out server.key 2048

示例：

注：此时会生成一个 server.key 文件

2.生成公钥

[root@shuaishuai ~]# openssl req -new -days 208 -key server.key -out server.csr -config openssl.cnf

示例：

3.自签名

[root@shuaishuai ~]# openssl x509 -days 208 -req -sha256 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in server.csr -out server.crt

示例：

注：目录下会生成 server.key 和 server.crt 两个文件。

keytool -importcert -trustcacerts -keystore "/usr/local/java/jre/lib/security/cacerts" -alias bd_admin -file "/usr/local/BambooCloudBDC/private/tls/myCert.cer" -storepass "changeit"