2022 12 02 13 11 做一個self-signed的憑證

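# Step 1: create the root CA private key and its self-signed certificate.
# -nodes writes rootCA.key unencrypted. Anyone who can read that file can issue
# certificates that every client trusting rootCA.crt will accept, so keep it off
# the web server and readable only by its owner.
# No -subj or -config is given, so openssl takes the CA subject from its default
# configuration (normally by prompting for it).
# NOTE(review): -days 356 is kept as written; 365 may have been intended.
# Certificates signed by this CA stop validating once the CA certificate expires.
openssl req -x509 -sha256 -days 356  -nodes  -newkey rsa:2048  -keyout rootCA.key -out rootCA.crt
chmod 600 rootCA.key

# Step 2: create the web server's private key, then a CSR for it from csr.conf.
# These are two separate commands and must be run one after the other.
openssl genrsa -out server.key 2048
chmod 600 server.key
openssl req -new -key server.key -out server.csr -config csr.conf

# Final step: sign the web server's CSR with your own root CA.
# x509 -req does not copy extensions from the CSR by default, so the
# subjectAltName and usage extensions in server.crt come from -extfile cert.conf.
# -CAcreateserial writes the serial number file rootCA.srl.
openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -days 365 -sha256 -extfile cert.conf

# Check the result: the chain must verify against the root CA, and the text dump
# should show the expected Subject Alternative Name entries and CA:FALSE.
openssl verify -CAfile rootCA.crt server.crt
openssl x509 -in server.crt -noout -text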

 


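# csr.conf - settings for the web server's certificate request
# (read by: openssl req -new -key server.key -out server.csr -config csr.conf)
[ req ]
# Only applies when openssl req generates the key itself; the key here is
# supplied with -key server.key.
default_bits = 2048
# Do not prompt; take the subject from the [ dn ] section below.
prompt = no
default_md = sha256
distinguished_name = dn

# Subject of the web server certificate.
[ dn ]
C = TW
ST = Taipei
L = Taipei
O = Test
OU = Test Dev
# This CSR describes the web server, not the CA, so CN is the server's FQDN
# (the same name as DNS.1 in cert.conf). The subject must differ from the root
# CA's subject: a certificate whose subject equals its issuer can be treated as
# self-signed and fail chain verification.
CN = example.com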

 

 


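# cert.conf - X.509 v3 extensions written into server.crt
# (read by: openssl x509 -req ... -extfile cert.conf)
authorityKeyIdentifier=keyid,issuer
# Leaf certificate: it must not be usable to sign other certificates.
basicConstraints=CA:FALSE
# NOTE(review): digitalSignature and keyEncipherment are what a TLS server with
# an RSA key needs; nonRepudiation and dataEncipherment are kept as written but
# can be dropped to keep the certificate's permitted uses minimal.
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
# Limit the certificate to TLS server authentication. Some clients reject
# server certificates that lack this extension.
extendedKeyUsage = serverAuth
# Clients match the host they connect to against these entries, not the CN.
subjectAltName = @alt_names

[alt_names]
# The FQDN your server is reached by.
DNS.1 = example.com
# The IP address your server is reached by. 172.0.0.1 is only a placeholder
# (it is neither loopback 127.0.0.1 nor inside the private 172.16.0.0/12 range);
# replace it with the server's real address.
IP.1 = 172.0.0.1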

 

 


 

Ref: https://devopscube.com/create-self-signed-certificates-openssl/

Ref 2: https://superuser.com/questions/1073986/self-signed-certificate-with-openssl-for-server-at-home-and-no-domain-name

Ref 3: https://www.twblogs.net/a/5ef3850c0cb8aa77788368b5