1.生成根CA金鑰
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 7304 -key ca.key -out ca.crt -subj "/C=CN/ST=beijing/L=beijing/O=bj/OU=kf/CN=project"
openssl genrsa -out sign.key 2048
openssl req -sha256 -new -key sign.key -out server.csr -subj "/C=CN/ST=bj/L=bj/O=bj/OU=kf/CN=project"
mkdir demoCA/
mkdir demoCA/newcerts
touch demoCA/index.txt
touch demoCA/serial
echo 'ffff' >demoCA/serial
openssl ca -policy policy_anything -days 3650 -cert ca.crt -keyfile ca.key -in server.csr -md sha256 -out sign.crt
openssl x509 -in ca.crt -inform pem -outform der -out ca.cer
生成 rsa 2048 金鑰 用 aes256加密
openssl genrsa -aes256 -passout pass:123456 -out rsa2048_aes.key 2048 生成金鑰對(公鑰、私鑰) openssl rsa -in rsa2048_aes.key -passin pass:123456 -pubout -out rsa2048_pub.key 生成公鑰 openssl rsa -in rsa2048_aes.key -passin pass:123456 -pubout -outform der -out rsa2048_pub.key 生成der編碼公鑰
合成 pkcs#12
openssl req -sha256 -new -key sign.key -out sign.csr -subj "/C=CN/CN=192.168.100.29" openssl ca -policy policy_anything -days 5478 -cert ca.crt -keyfile ca.key -in sign.csr -md sha256 -out sign.crt openssl pkcs12 -export -in sign.crt -inkey sign.key -password pass:12345678 -out sign.p12