OpenSSL: How to create a self-signed SSL certificate for an IP address that meets Chrome's requirements


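How to create a self-signed SSL certificate that Chrome will trust (after the CA certificate has been added to the local machine)

The certificate must be valid for local network IPs, localhost and multiple domains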

  • Prepare configuration files for creating the certificates non-interactively (no prompts)
  • CA.cnf

    [ req ]
    prompt = no
    distinguished_name = req_distinguished_name
    
    [ req_distinguished_name ]
    C = US
    ST = Localzone     
    L = localhost    
    O = Certificate Authority Local Center
    OU = Develop      
    CN = develop.localhost.localdomain
    emailAddress = root@localhost.localdomain
    
  • localhost.cnf

    [req]
    default_bits  = 2048
    distinguished_name = req_distinguished_name
    req_extensions = req_ext
    x509_extensions = v3_req
    prompt = no
    
    [req_distinguished_name]
    countryName = US
    stateOrProvinceName = Localzone
    localityName = Localhost
    organizationName = Self-signed certificate
    commonName = localhost.localdomain
    
    [req_ext]
    subjectAltName = @alt_names
    
    [v3_req]
    subjectAltName = @alt_names
    
    [alt_names]
    IP.1 = 127.0.0.1
    IP.2 = 127.0.0.2
    IP.3 = 127.0.0.3
    IP.4 = 192.168.0.1
    IP.5 = 192.168.0.2
    IP.6 = 192.168.0.3
    DNS.1 = localhost
    DNS.2 = localhost.localdomain
    DNS.3 = dev.local
    
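  • Generate the CA private key and certificate (valid for 5 years)
  • Generate the web server key and CSR
  • Create the self-signed certificate ()
  • Profit
  • The output files will be:

    • CA.cnf
      → OpenSSL CA configuration file. Can be deleted after the certificate creation process
    • CA_cert.pem
      → [Certificate Authority] certificate. This certificate must be added to the browser's local authority store so that all certificates created with this CA are trusted
    • CA_cert.srl
      → Random serial number. Can be deleted after the certificate creation process
    • CA_key.pem
      → Must be used when creating a new [localhost] certificate. Can be deleted after the certificate creation process (if you do not intend to reuse it and CA_cert.pem)
    • localhost.cnf
      → OpenSSL certificate configuration file. Can be deleted after the certificate creation process
    • localhost.csr
      → Certificate signing request. Can be deleted after the certificate creation process
    • localhost_cert.pem
      → SSL certificate. Must be installed on the web server
    • localhost_key.pem
      → Private key. Must be installed on the web server

SSL certificate alternative names can be checked with: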

    openssl x509 -noout -text -in localhost_cert.pem | grep 'X509v3 Subject Alternative Name' -A 1
    
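
The generation steps listed above, written out as a script (an added example, not the original answer's commands). It assumes the CA.cnf and localhost.cnf from this page are in the working directory; the function names and the 365-day lifetime of the server certificate are assumptions.

```shell
#!/bin/sh
# Added example, not the original answer's commands. Assumes the page's CA.cnf
# and localhost.cnf are in the target directory; the 365-day leaf lifetime and
# the function names are assumptions made for this sketch.
set -eu

build_local_certs() (
    cd "$1"
    umask 077   # keys are written unencrypted (-nodes): keep them owner-only

    # 1. CA private key + self-signed CA certificate, valid 5 years (1825 days).
    openssl req -x509 -nodes -sha256 -newkey rsa:2048 -days 1825 \
        -config CA.cnf -keyout CA_key.pem -out CA_cert.pem &&

    # 2. Web server key + CSR; subject and key size come from localhost.cnf.
    openssl req -new -nodes -sha256 -config localhost.cnf \
        -keyout localhost_key.pem -out localhost.csr &&

    # 3. Sign the CSR with the CA. By default x509 -req does not copy the SAN
    #    extension from the CSR, so it is re-read from [req_ext] in localhost.cnf.
    openssl x509 -req -sha256 -days 365 -in localhost.csr \
        -CA CA_cert.pem -CAkey CA_key.pem -CAcreateserial \
        -extfile localhost.cnf -extensions req_ext -out localhost_cert.pem
)

# Print the SAN line of a certificate (same check as on the page).
show_san() {
    openssl x509 -noout -text -in "$1" |
        grep -A 1 'X509v3 Subject Alternative Name' | tail -n 1
}

# Succeeds only if the leaf chains to the CA and its SAN contains the entry in $2.
check_local_cert() (
    cd "$1"
    openssl verify -CAfile CA_cert.pem localhost_cert.pem >/dev/null &&
        show_san localhost_cert.pem | grep -qF "$2"
)

# Run only when the page's two config files are present.
if [ -f CA.cnf ] && [ -f localhost.cnf ]; then
    build_local_certs . && check_local_cert . 'IP Address:192.168.0.1' &&
        show_san localhost_cert.pem
fi
```

If CA_key.pem is kept for reuse, store it away from the web server: anyone holding it can issue certificates that every browser trusting CA_cert.pem will accept.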