服务器证书
最后更新于:2022-04-02 03:51:34
[TOC]
## 服务器证书
1. 生成服务器端的私钥
```
openssl genrsa -out server.key 2048
```
2. 生成服务器端证书
```
openssl req -new -x509 -key server.key -out server.pem -days 3650
```
## 客户端证书
除了"服务端证书",在某些场合中还会涉及到"客户端证书"。所谓的"客户端证书"就是用来**证明客户端访问者的身份**。
3. 生成客户端的私钥
```
openssl genrsa -out client.key 2048
```
4. 生成客户端的证书
```
openssl req -new -x509 -key client.key -out client.pem -days 3650
```
## 脚本同时生成服务端/客户端整数
makecert.sh
```
#!/bin/bash
# call this script with an email address (valid or not).
# like:
# ./makecert.sh demo@random.com
mkdir certs
rm certs/*
echo "make server cert"
openssl req -new -nodes -x509 -out certs/server.pem -keyout certs/server.key -days 3650 -subj "/C=DE/ST=NRW/L=Earth/O=Random Company/OU=IT/CN=www.random.com/emailAddress=$1"
echo "make client cert"
openssl req -new -nodes -x509 -out certs/client.pem -keyout certs/client.key -days 3650 -subj "/C=DE/ST=NRW/L=Earth/O=Random Company/OU=IT/CN=www.random.com/emailAddress=$1"
```
运行
```
./makecert.sh 2600304@qq.com
```
```
';