使用mac openssl 生成证书

第一步：Openssl产生私钥 (RSA)

  //1、生成私钥  $ openssl genrsa -aes128 -out fd.key 2048  Generating RSA private key, 2048 bit long modulus  ....+++  ......................................................................................  +++  e is 65537 (0x10001)  Enter pass phrase for fd.key: ****************  Verifying - Enter pass phrase for fd.key: ****************//2、查看fd.key：  A：$ openssl rsa -text -in fd.key (只能查看私钥文件)    B：$ cat fd.key  -----BEGIN RSA PRIVATE KEY-----  Proc-Type: 4,ENCRYPTED  DEK-Info: AES-128-CBC,01EC21976A463CE36E9DB59FF6AF689A                          vERmFJzsLeAEDqWdXX4rNwogJp+y95uTnw+bOjWRw1+O1qgGqxQXPtH3LWDUz1Ym  mkpxmIwlSidVSUuUrrUzIL+V21EJ1W9iQ71SJoPOyzX7dYX5GCAwQm9Tsb40FhV/  [21 lines removed...]  4phGTprEnEwrffRnYrt7khQwrJhNsw6TTtthMhx/UCJdpQdaLW/TuylaJMWL1JRW  i321s5me5ej6Pr4fGccNOe7lZK+563d7v5znAx+Wo1C+F7YgF+g8LOQ8emC+6AVV

第二步：生成公钥

//根据私钥生成公钥$ openssl rsa -in fd.key -pubout -out fd-public.key  Enter pass phrase for fd.key: ****************

第三步：创建证书签名请求CSR文件

//创建证书 CSR 请求$ openssl req -new -key fd.key -out fd.csr//查看 CSR 文件$ openssl req -text -in fd.csr -noout//根据证书生成 CSR 文件$ openssl x509 -x509toreq -in fd.crt -out fd.csr -signkey fd.key

第四步：生成证书

//根据csr和公钥生成证书$ openssl x509 -req -days 365 -in fd.csr -signkey fd.key -out fd.crt//根据公钥生成证书$ openssl req -new -x509 -days 365 -key fd.key -out fd.crt//避免主题信息的输入$ openssl req -new -x509 -days 365 -key fd.key -out fd.crt \   -subj "/C=GB/L=London/O=Feisty Duck Ltd/CN=www.feistyduck.com”

其它：

//1、证书格式转换//pem->der$ openssl x509 -inform PEM -in fd.pem -outform DER -out fd.der//der->pem  $ openssl x509 -inform DER -in fd.der -outform PEM -out fd.pem