快速创建自签名 ssl 证书
运行环境为Linux,且已安装openssl
组件。
签发的证书不被浏览器信任,但用于测试或内部系统完全没问题,请勿用于生成环境。
mkdir -p ~/myssl && cd ~/myssl
cat <<EOF >self.cnf
[ req ]
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
[ v3_req ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = example.org
DNS.2 = *.example.org
EOF
SUBJECT="/C=CN"
SUBJECT="$SUBJECT/ST=Beijing"
SUBJECT="$SUBJECT/L=Beijing"
SUBJECT="$SUBJECT/O=ExampleOrg"
SUBJECT="$SUBJECT/OU=Devops"
SUBJECT="$SUBJECT/CN=example.org"
SUBJECT="$SUBJECT/[email protected]"
openssl req -newkey rsa:4096 -x509 -nodes -days 3650 -extensions v3_req \
-config self.cnf -keyout server.key -out server.crt -subj "$SUBJECT"