openssl生成證書

1. 生成CA私鑰
   openssl ecparam -genkey -name SM2 -out ca.key.pem -noout

2. 證書請求
   openssl req -new -key ca.key.pem -out ca.cert.req -subj “/CN=rtems-strongswan-CA”

3. 生成證書
   openssl x509 -req -days 3650 -in ca.cert.req -signkey ca.key.pem -out ca.cert.pem

4. 生成目標私鑰
   openssl ecparam -genkey -name SM2 -out carolKey.pem -noout

5. 證書請求
   openssl req -new -key carolKey.pem -out carolCert.req -subj “/CN=rtems-strongswan-carol”

6. 生成證書
   openssl x509 -req -days 3650 -in carolCert.req -CA ca.cert.pem -CAkey ca.key.pem -out carolCert.pem

7. 查看私鑰密鑰格式ASN.1內容
   openssl asn1parse -in openssl_dave.key

8. 查看證書內容
   openssl x509 -in openssl_dave.pem -noout -text