生成自签名ca 和服务器证书

1.生成ca私钥

openssl genrsa -out ca_private.key 2048

2.生成ca证书请求文件csr

openssl req -new -key ca_private.key  -out ca_req.csr -days 7300

3.生成自签名ca证书

openssl x509 -req -in ca_req.csr -signkey ca_private.key -out ca_root.crt -days 7300

4.生成服务器证书私钥

openssl genrsa -out server_private.key 2048

5.生成服务器证书请求文件csr

openssl req -new -key server_private.key -out server_req.csr -days 3650

6.使用ca私钥签名生成服务器证书

openssl x509 -req -in server_req.csr -days 3650  -CAkey ca_private.key -CA ca_root.crt -CAcreateserial  -out server.crt