准备环境
在windows下操作:
1、查看openssl.cnf中dir变量的路径(../demoCA),在该路径下创建private文件夹、index.txt;
2、创建serial文件,用记事本打开它,写入01保存;
3、打开cmd,进入openssl的bin目录下,执行以下命令;
生成根证书
openssl req -new -x509 -keyout ../demoCA/private/cakey.pem -out ../demoCA/cacert.pem
生成证书
openssl req -new -keyout ../demoCA/private/clientkey.pem -out ../demoCA/clientreq.pem
用根证书签名
openssl ca -in ../demoCA/clientreq.pem -out ../demoCA/clientcert.pem
导出p12
openssl pkcs12 -export -in ../demoCA/clientcert.pem -inkey ../demoCA/private/clientkey.pem -out ../demoCA/client.p12