标签：section   int   challenge   des   windows   exp   路径   with   是你   

OpenSSL证书生成参考：

部分参考：　https://blog.csdn.net/qq_37979887/article/details/80491849

Microsoft Windows [版本 6.1.7601]
版权所有 (c) 2009 Microsoft Corporation。保留所有权利。

C:\Users\XinSai>type server.crt server.key > server.pem

server.crt

server.key

牵涉到密钥的密码是：callcenter(请按你自己的密码设定)

• 第1步：

C:\Users\XinSai>openssl
OpenSSL> genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.............+++++
................+++++
e is 65537 (0x010001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

• 第2步：

OpenSSL> req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:sjht
Organizational Unit Name (eg, section) []:info technology
Common Name (e.g. server FQDN or YOUR name) []:www.callcenter.com
Email Address []:2043785563@qq.com

Please enter the following ‘extra‘ attributes
to be sent with your certificate request
A challenge password []:callcenter
An optional company name []:sjht

• 第3步：

OpenSSL> rsa -in server.key -out server_no_passwd.key
Enter pass phrase for server.key:
writing RSA key

• 第4步：

OpenSSL> x509 -req -days 365 -in server.csr -signkey server_no_passwd.key -out server.crt
Signature ok
subject=C = CN, ST = Beijing, L = Beijing, O = sjht, OU = info technology, CN =
callcenter.com, emailAddress = 394703489@qq.com
Getting Private key

• 第5步：quit 退出OpenSSL,直接用cmd执行：

OpenSSL> quit
C:\Users\XinSai>type server.crt server_no_passwd.key > server.pem.
server.crt
server_no_passwd.key
C:\Users\XinSai>

• 第6步：
  最后一步记得合成：

type server.crt server_no_passwd.key > server.pem

• 第7步：生成iis要用的证书

OpenSSL> pkcs12 -export -clcerts -in server.crt -inkey server_no_passwd.key -out
 iis.pfx
Enter Export Password:
Verifying - Enter Export Password:
OpenSSL>

去掉浏览器开始提示的HTTPS页面：
https://blog.csdn.net/haowai501/article/details/80269807

允许浏览器执行不安全的证书：
https://segmentfault.com/a/1190000021843971

1. 找到你的Chrome快捷方式.
2. 右键图标,选择属性
3. 找到”目标”文本框,里面的内容是你的Chrome程序路径,类似这样C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
4. 在这段文本的后面输入一个空格,然后输入-ignore-certificate-errors
5. 修改后的文本应该类似于这样:C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe -ignore-certificate-errors
6. 点击确定
7. 重新打开你的Chrome浏览器

OpenSSL证书生成参考

标签：section   int   challenge   des   windows   exp   路径   with   是你   

原文地址：https://www.cnblogs.com/zh672903/p/12952431.html