首先,在 http://slproweb.com/products/Win32OpenSSL.html 上下载已经编译好的OpenSSL库
然后通过如下步骤生成服务器证书:
1、生成根证书私钥:
openssl genrsa -out rootCA.key 4096
2、生成自签名根证书:
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt
3、生成server私钥:
openssl genrsa -out server.key 1024
4、根据subjectAltName.cnf生成server CSR:
openssl req -new -key server.key -out server.csr -config subjectAltName.cnf
5、查看生成的server CSR信息:
openssl req -noout -text -in server.csr
6、rootCA签署server CSR生成server CRT:
openssl x509 -req -days 500 -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -extensions req_ext -extfile subjectAltName.cnf
以下为subjectAltName.cnf文件内容,请根据实际情况对localhost.dev进行替换:
[ req ]
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CN
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = China
localityName = Locality Name (eg, city)
localityName_default = Beijing
organizationName = Organization Name (eg, company)
organizationName_default = localhost.dev
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = localhost.dev
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
commonName_default = localhost.dev
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost.dev
DNS.2 = *.localhost.dev