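- When deploying demos I often need an HTTPS environment, and applying for a domain name and a certificate is a hassle, so I decided to generate a temporary certificate myself; 😎
- For company work or other important projects, use this with caution 😁
I. Set up the OpenSSL environment
1. Install OpenSSL
OpenSSL does not officially provide an installer for Windows, so use a third-party download site
Choose the version that suits your machine; here I downloaded Win64 OpenSSL v1.1.1i Light
2. Configure the environment variable
Append the installation path followed by /bin to the end of the Path environment variable
Open a command line and enter openssl help
to check whether the installation succeeded
II. Generate the certificate
1. Create the certificate key file server.key: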
openssl genrsa -des3 -out server.key
The output is:
Generating RSA private key, 2048 bit long modulus (2 primes)
........+++++
......................................+++++
e is 65537 (0x010001)
Enter pass phrase for server.key: ---> enter a passphrase
Verifying - Enter pass phrase for server.key: ---> confirm the passphrase
2. Create the certificate signing request file server.csr
openssl req -new -key server.key -out server.csr
The output is:
Enter pass phrase for server.key: ---> enter the passphrase set above
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN ---> country code
State or Province Name (full name) [Some-State]:ShangHai ---> province, spelled out in full
Locality Name (eg, city) []:ShangHai ---> city, spelled out in full
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CompanyName ---> company name
Organizational Unit Name (eg, section) []: ---> department (optional)
Common Name (e.g. server FQDN or YOUR name) []: ---> domain name (optional)
Email Address []:youremail@163.com ---> email address
Please enter the following 'extra' attributes
to be sent with your certificate request
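A challenge password []: ---> set a password (optional)
An optional company name []: ---> optional
3. Remove the passphrase from the private key
Remove the passphrase that was set when the key was created:
openssl rsa -in server.key -out new_server.key
4. Create the certificate server.crt (the validity period is up to you; here I set ten years 😂):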
openssl x509 -req -days 3650 -in server.csr -signkey new_server.key -out server.crt
With that, the certificate files are generated; just reference them in your configuration 🎉🎉🎉
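Before pointing a server at the files, it is worth confirming that they belong together. The script below is an added example, not part of the original post: it compares the RSA modulus of new_server.key, server.csr and server.crt, then prints the certificate's subject, issuer and validity dates. It assumes PowerShell, openssl on Path, and the file names used in the steps above; Get-Modulus is a helper name made up for this example.

```powershell
# Added example: check that the files from steps 1-4 were built from the same key.
# Run from the directory that holds new_server.key, server.csr and server.crt.

function Get-Modulus {
    param(
        [string]$Kind,   # openssl subcommand: rsa, req or x509
        [string]$File    # PEM file to read
    )
    # -modulus prints one line of the form "Modulus=<hex>"; -noout suppresses the PEM body.
    $out = & openssl $Kind -in $File -noout -modulus
    if ($LASTEXITCODE -ne 0) { throw "openssl $Kind could not read $File" }
    return ($out | Select-Object -Last 1)
}

$key = Get-Modulus rsa  'new_server.key'
$csr = Get-Modulus req  'server.csr'
$crt = Get-Modulus x509 'server.crt'

# A certificate only works with the private key whose public half it contains.
if ($key -eq $csr -and $key -eq $crt) {
    'OK: key, CSR and certificate share the same RSA modulus'
} else {
    throw 'Mismatch: these files were not generated from the same key'
}

# For a self-signed certificate, subject and issuer are identical.
& openssl x509 -in server.crt -noout -subject -issuer -dates

# -checkend N exits non-zero if the certificate expires within N seconds.
& openssl x509 -in server.crt -noout -checkend (30 * 24 * 3600)
if ($LASTEXITCODE -ne 0) { Write-Warning 'server.crt expires within 30 days' }
```

new_server.key is no longer protected by a passphrase after step 3, so anyone who can read the file can use the key.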
Addendum
I recently found a certificate generation tool that is easier to use
mkcert