openssl req -new -x509 -days 3650 -nodes -out server.crt -keyout server.key -subj "/C=XX/L=Default City/O=Default Company Ltd/"
指定证书为2048位RSA:
openssl req -newkey rsa:2048 -x509 -days 3650 -nodes -out server.crt -keyout server.key -subj "/C=XX/L=Default City/O=Default Company Ltd/"
查看证书信息:
openssl x509 -text -noout -in server.crt
生成ecc证书:
openssl ecparam -genkey -name prime256v1 -out server.key
# -name secp384r1
openssl req -new -x509 -days 3650 -key server.key -out server.cert
caddy使用上面自签名ssl的证书错误:
loading tls app module: provision tls: caching unmanaged certificate: certificate has no names
在签名时指定DNS名称为当前IP解决:
-addext 'subjectAltName=DNS:192.168.1.1,DNS:127.0.0.1'
参考:
https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-the-command-line
https://blog.csdn.net/qq_41827547/article/details/105682770
标签:none