01.openssl-创建证书签名请求

1.Creating Certificate Signing Requests
openssl req -new -key fd.key -out fd.csr

2.After a CSR is generated, use it to sign your own certificate and/or send it to a public CA
and ask it to sign the certificate.
openssl req -text -in fd.csr -noout

3.openssl x509 -x509toreq -in fd.crt -out fd.csr -signkey fd.key

4.添加以下内容到fd.cnf
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
input_password = PASSPHRASE
[dn]
CN = www.feistyduck.com
emailAddress = webmaster@feistyduck.com
O = Feisty Duck Ltd
L = London
C = GB
[ext]
subjectAltName = DNS:www.feistyduck.com,DNS:feistyduck.com

5.openssl req -new -config fd.cnf -key fd.key -out fd.csr

6签署自己的证书
openssl req -new -x509 -days 365 -key fd.key -out fd.crt 或
openssl req -new -x509 -days 365 -key fd.key -out fd.crt -subj “/C=GB/L=London/O=Feisty Duck Ltd/CN=www.feistyduck.com”

7.创建对多个主机名有效的证书
openssl x509 -req -days 365 -in fd.csr -signkey fd.key -out fd.crt -extfile fd.ext

8.检查证书
openssl x509 -text -in fd.crt -noout