https 单向&&双向认证
单向认证
双向验证
生成证书
生成根证书
openssl genrsa -out root.key 2048
openssl req -new -out root.csr -key root.key
openssl x509 -req -in root.csr -out root.crt -signkey root.key -CAcreateserial -days 3650
生成服务端证书
openssl genrsa -out server.key 2048
openssl req -new -out server.csr -key server.key
openssl x509 -req -in server.csr -out server.crt -signkey server.key -CA root.crt -CAkey root.key -CAcreateserial -days 3650
不用root证书的服务器端证书 des3算法
其他算法 idea
openssl genrsa --des3 -out server.key 2048
SUBJECT="/C=cn/ST=bj/L=bj/O=organizationName/OU=organizationalUnitName/CN=yoursite.com/emailAddress=yournamen@eeoa.com/"
openssl req -new -subj $SUBJECT -out server.csr -key server.key
mv server.key server.orign.key
openssl rsa -in server.orign.key -out server.key
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
另一种加密算法 默认算法
openssl genrsa -out server.key 2048
SUBJECT="/C=cn/ST=bj/L=bj/O=organizationName/OU=organizationalUnitName/CN=yoursite.com/emailAddress=yournamen@eeoa.com/"
openssl req -new -subj $SUBJECT -out server.csr -key server.key
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
