Openssl 如何为通过Chrome要求的IP地址创建自签名SSL证书
如何创建Chrome可以信任的自签名SSL证书(将CA证书添加到本地计算机后) 证书必须对本地网络IP、本地主机和多个域有效Openssl 如何为通过Chrome要求的IP地址创建自签名SSL证书,openssl,ssl-certificate,Openssl,Ssl Certificate,如何创建Chrome可以信任的自签名SSL证书(将CA证书添加到本地计算机后) 证书必须对本地网络IP、本地主机和多个域有效 准备非交互式创建证书的配置文件(无提示) CA.cnf→ [ req ] prompt = no distinguished_name = req_distinguished_name [ req_distinguished_name ] C = US ST = Localzone L = localhost O = Certificate Autho
CA.cnf
→
[ req ]
prompt = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
C = US
ST = Localzone
L = localhost
O = Certificate Authority Local Center
OU = Develop
CN = develop.localhost.localdomain
emailAddress = root@localhost.localdomain
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = US
stateOrProvinceName = Localzone
localityName = Localhost
organizationName = Self-signed certificate
commonName = localhost.localdomain
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
IP.1 = 127.0.0.1
IP.2 = 127.0.0.2
IP.3 = 127.0.0.3
IP.4 = 192.168.0.1
IP.5 = 192.168.0.2
IP.6 = 192.168.0.3
DNS.1 = localhost
DNS.2 = localhost.localdomain
DNS.3 = dev.local
localhost.cnf
→
[ req ]
prompt = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
C = US
ST = Localzone
L = localhost
O = Certificate Authority Local Center
OU = Develop
CN = develop.localhost.localdomain
emailAddress = root@localhost.localdomain
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = US
stateOrProvinceName = Localzone
localityName = Localhost
organizationName = Self-signed certificate
commonName = localhost.localdomain
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
IP.1 = 127.0.0.1
IP.2 = 127.0.0.2
IP.3 = 127.0.0.3
IP.4 = 192.168.0.1
IP.5 = 192.168.0.2
IP.6 = 192.168.0.3
DNS.1 = localhost
DNS.2 = localhost.localdomain
DNS.3 = dev.local
→ OpenSSL CA配置文件。可以在证书创建过程后删除CA.cnf
→ [证书颁发机构]证书。必须将此证书添加到浏览器本地授权存储中,才能信任使用此CA创建的所有证书CA_cert.pem
→ 随机序列号。可以在证书创建过程后删除CA_cert.srl
→ 创建新的[localhost]证书时必须使用。可以在证书创建过程后删除(如果您不打算重用它和CA_cert.pem)CA_key.pem
→ OpenSSL证书配置文件。可以在证书创建过程后删除localhost.cnf
→ 证书签名请求。可以在证书创建过程后删除localhost.csr
→ SSL证书。必须安装在WEB服务器上localhost\u cert.pem
→ 秘密钥匙。必须安装在WEB服务器上localhost\u key.pem
openssl x509 -noout -text -in localhost_cert.pem | grep 'X509v3 Subject Alternative Name' -A 1
openssl x509 -noout -text -in localhost_cert.pem | grep 'X509v3 Subject Alternative Name' -A 1