一.自建CA
OS:centos 6.4
# cd /etc/pki/CA # (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 1024) (生成CA私匙) # openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650 (生成自簽證書) # touch /etc/pki/CA/index.txt # echo 01 > serial
二.如何製作csr
mkdir /usr/local/mysql/ssl (umask 077;openssl genrsa -out /usr/local/mysql/ssl/mysql.key 1024) openssl req -new -key /usr/local/mysql/ssl/mysql.key -out /usr/local/mysql/ssl/mysql.csr -days 365
三.如何給別人認證
openssl ca -in mysql.csr -out mysql.crt -days 365