root@5f25b0f636e5:/data/ssl# openssl req -newkey rsa:2048 -nodes -keyout ca/ca-key.pem -x509 -days 3650 -out ca/ca-cert.pem
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Hubei
Locality Name (eg, city) []:Xianning
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Fuwei
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:fuwei.com
Email Address []:admin@fuwei.com
root@5f25b0f636e5:/data/ssl# openssl req -newkey rsa:2048 -nodes -keyout server/server-key.pem -out server/server-req.csr
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Hubei
Locality Name (eg, city) []:Xianning
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Fuwei
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:server.fuwei.com
Email Address []:server@fuwei.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
root@5f25b0f636e5:/data/ssl# openssl x509 -req -in server/server-req.csr -out server/server-cert.pem -CA ca/ca-cert.pem -CAkey ca/ca-key.pem -CAcreateserial -days 3650
Certificate request self-signature ok
subject=C = CN, ST = Hubei, L = Xianning, O = Fuwei, OU = IT, CN = server.fuwei.com, emailAddress = server@fuwei.com
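The CA and server steps above as a non-interactive script with three checks on the result, added here as an example and not part of the original session. It assumes `openssl` is on PATH; `-subj` replaces the DN prompts, and the `subjectAltName` extension file (`san.ext`, a name chosen here) is an addition, since `x509 -req` adds no extensions unless given an extension file.

```shell
#!/bin/sh
# Added example: the CA and server steps run non-interactively, then checked.
# DN values are the ones typed in the session; san.ext is a name chosen here.
DN="/C=CN/ST=Hubei/L=Xianning/O=Fuwei/OU=IT"

issue_and_check() (
    umask 077                      # -nodes writes unencrypted keys: owner-only
    dir=$(mktemp -d) || exit 1     # throwaway working directory
    trap 'rm -rf "$dir"' EXIT
    cd "$dir" && mkdir ca server || exit 1

    # CA key and self-signed certificate
    openssl req -newkey rsa:2048 -nodes -keyout ca/ca-key.pem -x509 -days 3650 \
        -out ca/ca-cert.pem -subj "$DN/CN=fuwei.com" 2>/dev/null || exit 1

    # Server key and CSR
    openssl req -newkey rsa:2048 -nodes -keyout server/server-key.pem \
        -out server/server-req.csr -subj "$DN/CN=server.fuwei.com" \
        2>/dev/null || exit 1

    # Sign the CSR, supplying the SAN that hostname verification relies on
    printf 'subjectAltName=DNS:server.fuwei.com\n' > server/san.ext
    openssl x509 -req -in server/server-req.csr -out server/server-cert.pem \
        -CA ca/ca-cert.pem -CAkey ca/ca-key.pem -CAcreateserial -days 3650 \
        -extfile server/san.ext 2>/dev/null || exit 1

    # Check 1: the server certificate chains to the CA certificate
    openssl verify -CAfile ca/ca-cert.pem server/server-cert.pem \
        >/dev/null 2>&1 || exit 1

    # Check 2: the certificate carries the public key of server-key.pem
    cert_pub=$(openssl x509 -in server/server-cert.pem -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in server/server-key.pem -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || exit 1

    # Check 3: the SAN made it into the issued certificate
    openssl x509 -in server/server-cert.pem -noout -text \
        | grep -q 'DNS:server.fuwei.com' || exit 1

    echo "server certificate OK"
)
```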
Client certificate:
1. Create the client certificate signing request (CSR file):
root@5f25b0f636e5:/data/ssl# openssl req -newkey rsa:2048 -nodes -keyout client/client-key.pem -out client/client-req.csr
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Hubei
Locality Name (eg, city) []:Xianning
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Fuwei
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:client.fuwei.com
Email Address []:client@fuwei.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []: