★ openssl req -new -out ca/ca-req.csr -key ca/ca-key.pem
-------------------------------------------------------------++++--------
D:\OpenSSL\bin>openssl req -new -out ca/ca-req.csr -key ca/ca-key.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:China
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CA Center China Co.LD
Organizational Unit Name (eg, section) []:CA Center
Common Name (eg, YOUR name) []:www.CA.org
Email Address []:CA@CA.org
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:cacenter
An optional company name []:CA
-------------------------------------------------------------++++--------
★ openssl x509 -req -in ca/ca-req.csr -out ca/ca-cert.pem -signkey ca/ca-key.pem -days 365
-------------------------------------------------------------++++--------
D:\OpenSSL\bin>openssl x509 -req -in ca/ca-req.csr -out ca/ca-cert.pem -signkey
ca/ca-key.pem -days 365
Loading 'screen' into random state - done
Signature ok
subject=/C=CN/ST=China/L=Shanghai/O=CA Center China Co.LD/OU=CA Center/CN=www.CA
.org/emailAddress=CA@CA.org
Getting Private key
-------------------------------------------------------------++++--------
■产生server端的密钥和证书
★ openssl genrsa -out server/server.key 1024
★ openssl req -new -out server/server.csr -key server/server.key
D:\OpenSSL\bin>openssl req -new -out server/server.csr -key server/server.key
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:China
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:www.server.com
Organizational Unit Name (eg, section) []:Server
Common Name (eg, YOUR name) []:serverIp(此处须与服务器的地址一致)
Email Address []:admin@server.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:changeit
An optional company name []:Server
★ openssl x509 -req -in server/server.csr -out server/server.crt -signkey server/server.key -CA ca/ca-cert.pem -CAkey ca/ca-key.pem -days 365
D:\OpenSSL\bin>openssl x509 -req -in server/server.csr -out server/server.crt -s
ignkey server/server.key -days 365
Loading 'screen' into random state - done
Signature ok
subject=/C=CN/ST=China/L=Shanghai/O=www.server.com/OU=Server/CN
=serverIp/emailAddress=server@server.com
Getting Private key
■ 产生Client端的证书
★ openssl genrsa -out client/client-key.pem 1024
-------------------------------------------------------------++++--------
D:\OpenSSL\bin>openssl genrsa -out client/client-key.pem 1024
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
........++++++
................................................................................
..........++++++
e is 65537 (0x10001)
-------------------------------------------------------------++++--------
★ openssl req -new -out client/client-req.csr -key client/client-key.pem
-------------------------------------------------------------++++--------
D:\OpenSSL\bin>openssl req -new -out client/client-req.csr -key client/client-ke
y.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:China
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Client Co.Ld
Organizational Unit Name (eg, section) []:Client
Common Name (eg, YOUR name) []:www.client.com
Email Address []:Client@client.com.cn
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password
An optional company name []:Client
-------------------------------------------------------------++++--------