OpenSSL生成根证书并签署下级证书
#生成根证书私钥
D:/software/OpenSSL-Win64/bin/openssl genrsa -aes256 -passout pass:123456 -out prikey.pem 8192
#根证书私钥脱密
D:/software/OpenSSL-Win64/bin/openssl rsa -in prikey.pem -out unenprikey.pem -passin pass:123456
#根据私钥生成自签名证书
D:/software/OpenSSL-Win64/bin/openssl req -new -x509 -key unenprikey.pem -days 18250 -out cert.crt -sha512 -config D:/software/OpenSSL-Win64/bin/cnf/openssl.cnf -subj /C=CN/ST=Beijing/L=Beijing/OU=TDZX/O=YF/CN=xuxiaobo.com
#根据私钥生成签名请求文件
D:/software/OpenSSL-Win64/bin/openssl req -new -key unenprikey.pem -days 2190 -out cert.csr -sha512 -config D:/software/OpenSSL-Win64/bin/cnf/openssl.cnf -subj /C=CN/ST=Beijing/L=Beijing/OU=TDZX/O=YF/CN=xuxiaobo.com
#用上面生成的密钥unenprikey.pem生成一个数字证书cacert.pem
D:/software/OpenSSL-Win64/bin/openssl req -new -x509 -key unenprikey.pem -out cacert.pem -days 1095 -config D:/software/OpenSSL-Win64/bin/cnf/openssl.cnf -subj /C=CN/ST=Beijing/L=Beijing/OU=TDZX/O=YF/CN=xuxiaobo.com
#使用根证书的证书文件、私钥文件签署下级证书
D:/software/OpenSSL-Win64/bin/openssl ca -in cert.csr -config D:/software/OpenSSL-Win64/bin/cnf/openssl.cnf -subj /C=CN/ST=Beijing/L=Beijing/OU=TDZX/O=YF/CN=www1.xuxiaobo.com
标签:bin,下级,证书,Win64,openssl,OpenSSL,pem,software From: https://www.cnblogs.com/xuxiaobo/p/17039348.html