安裝 openssl
sudo apt install openssl
生成 SSL 證書
# 生成私鑰 (Private Key)
openssl genrsa -out private.key 2048
在當前目錄生成?private.key
# 生成證書簽名請求 (CSR - Certificate Signing Request)
openssl req -new -key private.key -out certificate.csr -subj "/C=US/ST=California/L=San Francisco/O=My Company/OU=IT Department/CN=proxy.com"
在當前目錄生成 certificate.csr
?# 創建配置文件
sudo vim config.ext
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:TRUE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign
subjectAltName = DNS:proxy.com, DNS:www.proxy.com, IP:192.168.5.116
issuerAltName = issuer:copy
# 生成自簽名證書 (Self-signed Certificate)
openssl x509 -req -days 365 -in certificate.csr -signkey private.key -out certificate.crt?-extfile config.ext
在當前目錄生成 certificate.crt
-days 365 參數表示證書的有效期為 365 天,可以根據需要調整。
驗證:
#?驗證證書信息
openssl x509 -in certificate.crt -noout -text