准备存放证书目录
mkdir -p /opt/ssl
生成私钥
#使用openssl生成基于rsa数学算法长度为1024bit的密钥,文件必须以key为结尾
localhost[qq]:~ # openssl genrsa 1024 > /opt/ssl/server.key
Generating RSA private key, 1024 bit long modulus
...........++++++
.++++++
e is 65537 (0x10001)
localhost[qq]:~ # openssl req -new -key /opt/ssl/server.key > /opt/ssl/server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN ### 国家名
State or Province Name (full name) []:BJ ### 省会
Locality Name (eg, city) [Default City]:BJ ### 城市
Organization Name (eg, company) [Default Company Ltd]:YONG ### 组织名
Organizational Unit Name (eg, section) []:cloud ###组织单位名
Common Name (eg, your name or your server's hostname) []:10.10.10.10 ### 服务器名字
Email Address []: ### 邮箱可选
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: ### 密码为空
An optional company name []: ###密码为空
使用密钥文件生成证书-申请证书
localhost[qq]:~ # ls /opt/ssl/
server.csr ### 证书申请
server.key ### 私钥
localhost[qq]:~ # openssl req -x509 -days 3650 -key /opt/ssl/server.key -in /opt/ssl/server.csr > /opt/ssl/server.crt
注释:
-x509:证书格式,固定的
days:证书的有效期
keys:指定密钥文件
in:指定证书申请文件
查看证书文件
localhost[qq]:~ # ll /opt/ssl/
total 12
-rw-r--r-- 1 root root 936 Apr 12 17:33 server.crt ### 证书文件
-rw-r--r-- 1 root root 635 Apr 12 17:25 server.csr ### 申请书
-rw-r--r-- 1 root root 887 Apr 12 17:19 server.key ### 私钥文件
请书
-rw-r--r-- 1 root root 887 Apr 12 17:19 server.key ### 私钥文件
| 
