網上有很多介紹如何創建 self-signed certificate 的文章,但它們有個缺點:每一步都必須手動輸入多個參數,寫腳本的時候就得寫成交互式的。爲了方便寫腳本,本文通過配置文件來創建一個 self-signed certificate。
1. 先創建一個文件夾:
mkdir /etc/httpd/ssl
2. cd /etc/httpd/ssl
3. 寫一個配置文件self_signed_certificate.conf
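# OpenSSL request configuration for creating a self-signed certificate without prompts.
[ req ]
# RSA keys shorter than 2048 bits are no longer considered secure.
# A "-newkey rsa:N" option on the openssl command line overrides this value.
default_bits = 2048
default_keyfile = server.key
distinguished_name = subject
# Section holding the extensions that "openssl req -x509" writes into the certificate.
x509_extensions = v3_self_signed
string_mask = utf8only
# Required: without it openssl still prompts for every field.
prompt = no

# The Subject DN can be formed using X.501 or RFC 4514 (see RFC 4519 for a description).
# It's sort of a mashup. For example, RFC 4514 does not provide emailAddress.
[ subject ]
# IP address or domain name of the httpd server.
commonName = 2003:db1::1093
stateOrProvinceName = The earth
countryName = CN
# With prompt = no this value goes into the certificate literally;
# put a real address here or delete the line.
emailAddress = optional
organizationName = TEST

# Current TLS clients match the server identity against subjectAltName, not commonName.
# Use IP:<address> for an IP address or DNS:<name> for a host name; keep it in sync with commonName.
[ v3_self_signed ]
subjectAltName = IP:2003:db1::1093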
4. 運行:
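# Generate the key and the self-signed certificate in one step.
# -newkey overrides default_bits from the config file; RSA-1024 is no longer
# considered secure, so request at least 2048 bits.
openssl req -config self_signed_certificate.conf -new -x509 -sha256 -newkey rsa:2048 -nodes -keyout server.key -days 365 -out server.crt
# -nodes writes the private key unencrypted, so make it readable by its owner only.
chmod 600 server.key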
5. 然後更改文件 vim /etc/httpd/conf.d/ssl.conf:
# Certificate and private key created by the openssl command in step 4.
# NOTE(review): server.key was written unencrypted (-nodes); confirm it is readable by root only.
SSLCertificateFile /etc/httpd/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/server.key
6. service httpd restart