REM 生成CA私钥
openssl genrsa -out ca.key 16384
REM 生成服务器私钥
openssl genrsa -out server.key 16384
REM 签发CA证书
openssl req -new -x509 -sha512 -days 36600 -key ca.key -out ca.crt -config D:\PHPX64\openssl\program\bin\openssl.cfg -subj "/C=CN/ST=SC/L=ChengDu/O=elsesky.bid/OU=elsesky.bid/CN=ca.elsesky.bid" -extensions v3_req
REM 生成服务器请求(注意,先修改openssl.cfg里面[ v3_req ]的配置,与实际情况一致)
openssl req -new -out server.csr -key server.key -subj "/C=CN/ST=SC/L=ChengDu/O=elsesky.bid/OU=elsesky.bid/CN=*.elsesky.bid" -config D:\PHPX64\openssl\program\bin\openssl.cfg -sha512
REM X509含多域的方式签发:
openssl x509 -req -in server.csr -out server.crt -CA ca.crt -CAkey ca.key -sha512 -days 366000 -extensions v3_req -extfile D:\PHPX64\openssl\program\bin\openssl.cfg -CAcreateserial
关于OPENSSL找不到配置文件的处理方法:
在系统全局环境变量中添加如下内容:
OPENSSL_CONF:c:\openssl\openssl.cfg
原文地址:http://423106.blog.51cto.com/413106/1916122
