跳至主要內容

自签名证书

王江南2025年12月9日小于 1 分钟

openssl genrsa -out myserver.key 2048

csr.conf

[ req ]
default_bits       = 2048
prompt             = no
default_md         = sha256
req_extensions     = req_ext
distinguished_name = dn

[ dn ]
C  = CN
ST = Shanghai
L  = Shanghai
O  = MyCustomOrganization
OU = Dev Department
CN = example.com

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = example.com
IP.1  = 192.168.3.12
字段含义举例
O组织名MyCompany
OU部门名Dev Team
CN主域名example.com
DNS.*SAN 域名www.example.com
IP.*IP 地址192.168.1.10

生成 CSR(使用配置文件)

openssl req -new -key myserver.key -out myserver.csr -config csr.conf

生成自签名证书(仅测试用)
openssl x509 -req -in myserver.csr -signkey myserver.key
-out myserver.crt -days 365 -extensions req_ext -extfile csr.conf

server {
    listen 443 ssl;
    server_name localhost;

    ssl_certificate     /etc/nginx/ssl/myserver.crt;
    ssl_certificate_key /etc/nginx/ssl/myserver.key;

    root /var/www/html;
    index index.html;
}
上次编辑于: 2025/12/9 09:34:21
贡献者: wjn0918