Issuing a certificate with a SAN using openssl

蒜香大龙虾 2024-08-08 01:06:01

Root certificate and issuing certificates

Install openssl

yum install openssl-* -y

Generate the root certificate

The root certificate directory is /etc/pki/CA.

cd /etc/pki/CA
touch index.txt
echo 01 > serial
openssl genrsa -out private/cakey.pem
openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 36500 \
-subj "/C=CN/ST=Guangdong/L=Guangzhou/O=skills/OU=system/CN=skills.com"

Generate a certificate with a SAN

Here we generate a wildcard certificate.

Generate the CSR file

cd /opt
openssl genrsa -out skills.key
openssl req -new -key skills.key -out skills.csr \
-subj "/C=CN/ST=Guangdong/L=Guangzhou/O=skills/OU=system/CN=*.skills.com"

Add the SAN

cp /etc/pki/tls/openssl.cnf ./san.cnf
cat >> san.cnf << EOF
[SAN]
subjectAltName=DNS:*.skills.com,DNS:skills.com
EOF
echo -e "y\ny" | openssl ca -in skills.csr -out skills.crt -extensions SAN -config san.cnf
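
An added check, not part of the original post: it builds a throwaway CA in a temporary directory, signs with `openssl x509 -req` instead of the post's `openssl ca` (so no CA database under /etc/pki/CA is needed), and uses `-checkhost` to show why the SAN lists both `*.skills.com` and `skills.com`. The function names and the wildcard-only certificate are made up for this example; it assumes OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Added example: throwaway CA in a temp dir; nothing under /etc/pki/CA is touched.
# make_ca, issue_cert, chain_ok and host_matches are hypothetical helper names.

make_ca() {      # $1 = work dir; creates ca.key, ca.pem and ca.cnf in it
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.pem" -subj "/O=skills/CN=skills.com" 2>/dev/null
}

issue_cert() {   # $1 = work dir, $2 = output name, $3 = subjectAltName value
    printf '[SAN]\nsubjectAltName=%s\n' "$3" > "$1/$2.ext"
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.csr" -subj "/O=skills/CN=*.skills.com" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -extfile "$1/$2.ext" -extensions SAN \
        -out "$1/$2.crt" 2>/dev/null
}

chain_ok() {     # $1 = CA cert, $2 = leaf cert; succeeds if the leaf chains to the CA
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

host_matches() { # $1 = cert, $2 = hostname; uses OpenSSL's own name-matching rules
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

d=$(mktemp -d)
make_ca "$d"
issue_cert "$d" both "DNS:*.skills.com,DNS:skills.com"   # SAN list from the post
issue_cert "$d" wild "DNS:*.skills.com"                   # constructed variant
chain_ok "$d/ca.pem" "$d/both.crt" && echo "chain: OK"
for h in www.skills.com skills.com a.b.skills.com; do
    for c in both wild; do
        host_matches "$d/$c.crt" "$h" && r=match || r="no match"
        echo "$c.crt  $h: $r"
    done
done
rm -rf "$d"
```

The wildcard entry covers exactly one label, so the bare domain only validates because `DNS:skills.com` is listed separately, and `a.b.skills.com` matches neither certificate.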