1、确认系统是否有安装 openssl,如果没安装的话,则使用 yum install -y openssl openssl-devel 安装:
[root@centos php-5.6.35]# rpm -qa openssl
openssl-1.0.2k-8.el7.x86_642、执行命令,生成 2048 (#`O′)的加密私钥:
[root@centos ~]# openssl genrsa -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.+++
........................+++
e is 65537 (0x10001)3、 生成证书签名请求(CSR),这里需要填写许多信息,如国家,省市,公司等:
[root@centos ~]# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN #国家代码
State or Province Name (full name) []:FJ #省级代码
Locality Name (eg, city) [Default City]:XM #市级代码
Organization Name (eg, company) [Default Company Ltd]:xinbo #公司名称
Organizational Unit Name (eg, section) []:IT #所在部门
Common Name (eg, your name or your server's hostname) []:CENTOTS.COM #服务器名称
Email Address []: #邮件地址
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: #设置密码,留空即可
An optional company name []:
4、 最后,生成类型为X509的自签名证书。有效期设置3650天,即有效期为10年
[root@centos ~]# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=FJ/L=XM/O=xinbo/OU=IT/CN=CENTOTS.COM
Getting Private key生成的证书文件如下:
[root@centos ~]# ls
server.crt server.csr server.key