本文共 979 字，大约阅读时间需要 3 分钟。

1.Creating Certificate Signing Requests

openssl req -new -key fd.key -out fd.csr

2.After a CSR is generated, use it to sign your own certificate and/or send it to a public CA

and ask it to sign the certificate. openssl req -text -in fd.csr -noout

3.openssl x509 -x509toreq -in fd.crt -out fd.csr -signkey fd.key

4.添加以下内容到fd.cnf

[req] prompt = no distinguished_name = dn req_extensions = ext input_password = PASSPHRASE [dn] CN = www.feistyduck.com emailAddress = webmaster@feistyduck.com O = Feisty Duck Ltd L = London C = GB [ext] subjectAltName = DNS:www.feistyduck.com,DNS:feistyduck.com

5.openssl req -new -config fd.cnf -key fd.key -out fd.csr

6签署自己的证书

openssl req -new -x509 -days 365 -key fd.key -out fd.crt 或 openssl req -new -x509 -days 365 -key fd.key -out fd.crt -subj “/C=GB/L=London/O=Feisty Duck Ltd/CN=www.feistyduck.com”

7.创建对多个主机名有效的证书

openssl x509 -req -days 365 -in fd.csr -signkey fd.key -out fd.crt -extfile fd.ext

8.检查证书

openssl x509 -text -in fd.crt -noout

转载地址：http://hlwdb.baihongyu.com/