Apple In House 发布详解(HTTPS证书生成)

1、如果是在Windows下面,用openssl就可以搞定了
1.1首先生成pem格式的CA证书,并导出为crt格式

set OPENSSL_CONF=%OPENSSL_HOME%\bin\openssl.cfg
openssl genrsa 1024 > NMyCA1024.key
openssl req -new -x509 -nodes -key NMyCA1024.key -days 1095 -subj "/C=CN/ST=ShangHai/L=ShangHai/O=NEOHOPE/OU=Development/CN=NMyCA1024" > NMyCA1024.pem

1.2将CA证书导出为der格式

openssl x509 -outform der -in NMyCA1024.pem -out NMyCA1024.der

1.3生成网站私钥及证书签名请求

set OPENSSL_CONF=%OPENSSL_HOME%\bin\openssl.cfg
openssl genrsa 1024 > server.key
openssl req -new -key server.key -subj "/C=CN/ST=ShangHai/L=ShangHai/O=NEOHOPE/OU=Development/CN=192.168.130.50" > server.csr

1.4用CA证书处理证书签名请求,生成CA授权的证书

openssl x509 -req -in server.csr -CA NMyCA1024.pem -CAkey NMyCA1024.key -CAcreateserial -days 365 > serversigned.crt

1.5将NMyCA1024.der、server.key、serversigned.crt拷给证书使用者

1.6一定要保管好NMyCA1024.key及NMyCA1024.pem,不要弄丢,更不要拷给别人

2、如果是在MAC下面,有一个工具就能搞定EasyCert

./EasyCert -cn NMyCA -h 192.168.130.50

但同样的,要保护好CA的私钥。

Comments are closed.