sunqi/typora
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
typora/daliy_note/11.12/泛域名证书自签发.md

48 lines
1.4 KiB
Markdown
Raw Permalink Normal View History

first commit
2024-12-11 21:48:55 -05:00
### 一、自签证书
- 生成CA Key证书
```bash
openssl genrsa 2048 > ca-key.pem
```
- 生成CA Cert证书
```bash
openssl req -new -x509 -nodes -days 3650 -key ca-key.pem -out ca-cert.pem -subj=/C=CN/ST=Beijing/L=Beijing/O=ExampleO/OU=ExampleOU/CN=ExampleRootCA/emailAddress=admin@example.com
```
- 生成server证书签发请求和server private key证书在此命令中修改CNCommon Name用来创建域名证书请求
```bash
openssl req -newkey rsa:2048 -nodes -days 3650 -keyout server-key.pem -out server-req.pem -subj=/C=CN/ST=Beijing/L=Beijing/O=ExampleO/OU=ExampleOU/CN=*.example.com/emailAddress=admin@example.com
```
- 签发server证书请求生成server cert证书注意修改subjectAltName的值
```bash
openssl x509 -req -extfile <(printf "subjectAltName=DNS:*.example.com") -days 3650 -CAcreateserial -in server-req.pem -out server-cert.pem -CA ca-cert.pem -CAkey ca-key.pem
```
### 二、生成证书报错
``` bash
Can't load ./.rnd into RNG 10504:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto\rand\randfile.c:98:Filename=./.rnd
```
- 解决方案
```bash
cd /root(你当前所使用的用户)
openssl rand -writerand .rnd
```
### 三、Chrome On MacOS 信任证书
> https://segmentfault.com/a/1190000012394467
- chrome控制台安全tab查看证书
- 查看证书详细信息,导出下载证书
- 双击打开下载的证书,选择始终信任
Reference in New Issue Copy Permalink