自签名证书100年

准备存放证书目录

mkdir -p /opt/ssl

生成私钥

#使用openssl生成基于rsa数学算法长度为1024bit的密钥，文件必须以key为结尾

localhost[qq]:~ # openssl genrsa 1024 > /opt/ssl/server.key
Generating RSA private key, 1024 bit long modulus
...........++++++
.++++++
e is 65537 (0x10001)

localhost[qq]:~ # openssl req -new -key /opt/ssl/server.key > /opt/ssl/server.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN        ### 国家名
State or Province Name (full name) []:BJ        ### 省会
Locality Name (eg, city) [Default City]:BJ        ### 城市
Organization Name (eg, company) [Default Company Ltd]:YONG        ### 组织名
Organizational Unit Name (eg, section) []:cloud        ###组织单位名
Common Name (eg, your name or your server's hostname) []:10.10.10.10        ### 服务器名字
Email Address []:        ### 邮箱可选

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:        ### 密码为空
An optional company name []:        ###密码为空

使用密钥文件生成证书-申请证书

localhost[qq]:~ # ls /opt/ssl/
server.csr        ### 证书申请
server.key        ### 私钥

localhost[qq]:~ # openssl req -x509 -days 3650 -key /opt/ssl/server.key  -in /opt/ssl/server.csr > /opt/ssl/server.crt

注释：
-x509：证书格式，固定的
days:证书的有效期
keys：指定密钥文件
in：指定证书申请文件

查看证书文件

localhost[qq]:~ # ll /opt/ssl/
total 12
-rw-r--r-- 1 root root 936 Apr 12 17:33 server.crt        ### 证书文件
-rw-r--r-- 1 root root 635 Apr 12 17:25 server.csr        ### 申请书
-rw-r--r-- 1 root root 887 Apr 12 17:19 server.key        ### 私钥文件
请书
-rw-r--r-- 1 root root 887 Apr 12 17:19 server.key        ### 私钥文件