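Complete workflow for signing a server SSL certificate with a self-signed OpenSSL CA

First, download a precompiled OpenSSL build from http://slproweb.com/products/Win32OpenSSL.html

Then generate the server certificate with the following steps:

1. Generate the root certificate's private key:
openssl genrsa -out rootCA.key 4096

2. Generate the self-signed root certificate:
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt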

3. Generate the server private key (use at least 2048 bits; 1024-bit RSA is no longer considered secure):
openssl genrsa -out server.key 2048

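4. Generate the server CSR from subjectAltName.cnf:
openssl req -new -key server.key -out server.csr -config subjectAltName.cnf

5. Inspect the generated server CSR:
openssl req -noout -text -in server.csr

6. Sign the server CSR with the root CA to produce the server certificate (-extensions and -extfile are required because openssl x509 -req does not copy extensions from the CSR by default):
openssl x509 -req -days 500 -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -extensions req_ext -extfile subjectAltName.cnf

The contents of subjectAltName.cnf follow; replace localhost.dev to suit your environment: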

[ req ]
distinguished_name = req_distinguished_name
req_extensions     = req_ext

[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
countryName_default         = CN
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = China
localityName                = Locality Name (eg, city)
localityName_default        = Beijing
organizationName            = Organization Name (eg, company)
organizationName_default    = localhost.dev
organizationalUnitName            = Organizational Unit Name (eg, section)
organizationalUnitName_default    = localhost.dev
commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_max              = 64
commonName_default          = localhost.dev

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1   = localhost.dev
DNS.2   = *.localhost.dev
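
An added example (not from the original article) that runs steps 1 to 6 non-interactively in a scratch directory and shows why step 6 passes -extensions and -extfile: a certificate signed without them carries no subjectAltName. The -subj values, the v3_ca section, the trimmed config, and the names san.cnf, nosan.crt, has_san and build_demo are assumptions made for the demo.

```shell
#!/bin/sh
# Added example; subjects and file names other than the page's are constructed.
set -eu

has_san() {  # succeeds if certificate $1 lists DNS:localhost.dev
    openssl x509 -in "$1" -noout -text | grep -q 'DNS:localhost.dev'
}

build_demo() (  # $1 = scratch directory; runs in a subshell so cd stays local
    cd "$1"
    cat > san.cnf <<'EOF'
[ req ]
distinguished_name = dn
req_extensions     = req_ext
x509_extensions    = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical, CA:TRUE
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = localhost.dev
DNS.2 = *.localhost.dev
EOF
    # 2048-bit keys keep the demo fast; the page uses 4096 bits for the root.
    openssl genrsa -out rootCA.key 2048 2>/dev/null
    openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 \
        -subj "/CN=Constructed Demo Root CA" -config san.cnf -out rootCA.crt
    openssl genrsa -out server.key 2048 2>/dev/null
    openssl req -new -key server.key -subj "/CN=localhost.dev" \
        -config san.cnf -out server.csr
    # Signed WITHOUT -extensions/-extfile: the CSR's SAN request is dropped.
    openssl x509 -req -days 500 -in server.csr -CA rootCA.crt \
        -CAkey rootCA.key -CAcreateserial -out nosan.crt 2>/dev/null
    # Signed as in step 6: the SAN is taken from the extension file.
    openssl x509 -req -days 500 -in server.csr -CA rootCA.crt \
        -CAkey rootCA.key -CAcreateserial -out server.crt \
        -extensions req_ext -extfile san.cnf 2>/dev/null
)

work=$(mktemp -d)
build_demo "$work"
openssl verify -CAfile "$work/rootCA.crt" "$work/server.crt"
has_san "$work/server.crt" && echo "server.crt: SAN present"
has_san "$work/nosan.crt"  || echo "nosan.crt: SAN missing"
```

Running the same has_san check against the certificate a server actually presents is a quick way to confirm the SAN survived signing before the root is distributed to clients.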
