SSL证书生成

设置openssl.cnf路径：

set OPENSSL_CONF=G:\libs\openssl-1.0.1e\bin\openssl.cnf

生成私钥：

> genrsa -des3 -out server.key 2048Loading 'screen' into random state - doneGenerating RSA private key, 2048 bit long modulus....................................+++....................................................................................+++e is 65537 (0x10001)Enter pass phrase for server.key:Verifying - Enter pass phrase for server.key:

可以将密码删除：

OpenSSL> rsa -in server.key -out server_no_password.keyEnter pass phrase for server.key:writing RSA key

生成证书请求文件(CSR)：

OpenSSL> req -new -key server.key -out server.csrEnter pass phrase for server.key:Loading 'screen' into random state - doneYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:CNState or Province Name (full name) [Some-State]:BeijingLocality Name (eg, city) []:BeijingOrganization Name (eg, company) [Internet Widgits Pty Ltd]:xxxsoftOrganizational Unit Name (eg, section) []:xxxsoftCommon Name (e.g. server FQDN or YOUR name) []:xxxsoft.comEmail Address []:comaxy@126.comPlease enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:1234An optional company name []:cynhard

生成证书文件：

OpenSSL> x509 -req -days 365 -in server.csr -signkey server_no_password.key -out server.crtLoading 'screen' into random state - doneSignature oksubject=/C=CN/ST=Beijing/L=Beijing/O=xxxsoft/OU=xxxsoft/CN=xxxsoft.com/emailAddress=comaxy@126.comGetting Private key