Requesting a CA certificate

# Generate the CA certificate
openssl genrsa -out ca/ca-key.pem 2048
openssl req -new -out ca/ca-req.csr -key ca/ca-key.pem
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:guangdong
Locality Name (eg, city) []:shenzhen
Organization Name (eg, company) [Internet Widgits Pty Ltd]:jxk
Organizational Unit Name (eg, section) []:jxk
Common Name (e.g. server FQDN or YOUR name) []:root
Email Address []:test

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:123456


openssl x509 -req -in ca/ca-req.csr -out ca/ca-cert.pem -signkey ca/ca-key.pem -days 3650
openssl pkcs12 -export -clcerts -in ca/ca-cert.pem -inkey ca/ca-key.pem -out ca/ca.p12

# Generate the server certificate
openssl genrsa -out server/server-key.pem 2048
openssl req -new -out server/server-req.csr -key server/server-key.pem

-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:guangdong
Locality Name (eg, city) []:shenzhen
Organization Name (eg, company) [Internet Widgits Pty Ltd]:jxk
Organizational Unit Name (eg, section) []:jxk
Common Name (e.g. server FQDN or YOUR name) []:127.0.0.1
Email Address []:test

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:123456


openssl x509 -req -in server/server-req.csr -out server/server-cert.pem -CA ca/ca-cert.pem -CAkey ca/ca-key.pem -CAcreateserial -days 3650
openssl pkcs12 -export -clcerts -in server/server-cert.pem -inkey server/server-key.pem -out server/server.p12


# Generate the client certificate
openssl genrsa -out client/client-key.pem 2048
openssl req -new -out client/client-req.csr -key client/client-key.pem

-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:guangdong
Locality Name (eg, city) []:shenzhen
Organization Name (eg, company) [Internet Widgits Pty Ltd]:jxk
Organizational Unit Name (eg, section) []:jxk
Common Name (e.g. server FQDN or YOUR name) []:root
Email Address []:test

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:123456


openssl x509 -req -in client/client-req.csr -out client/client-cert.pem -CA ca/ca-cert.pem -CAkey ca/ca-key.pem -CAcreateserial -days 3650
openssl pkcs12 -export -clcerts -in client/client-cert.pem -inkey client/client-key.pem -out client/client.p12
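
An added example, not part of the original post: the three steps above run non-interactively in a scratch directory, followed by a check that the server and client certificates chain to the CA while a certificate self-signed with -signkey does not. Assumptions: the client CN is the constructed value `client` (a leaf whose subject is identical to the CA's subject looks self-issued during chain building), and the `*.ext` extension files, `self-signed.pem` and the function names are introduced here.

```shell
#!/bin/sh
# Added example (not from the original page): the CA / server / client flow, scripted.
# Assumptions: CN=client, the *.ext extension files, self-signed.pem, temp directory.
DN="/C=cn/ST=guangdong/L=shenzhen/O=jxk/OU=jxk"   # subject fields used on the page

# issue NAME CN EXTENSIONS: key and CSR for NAME, then a certificate signed by the CA.
issue() {
    openssl genrsa -out "$1/$1-key.pem" 2048 2>/dev/null &&
    openssl req -new -key "$1/$1-key.pem" -subj "$DN/CN=$2" -out "$1/$1-req.csr" &&
    printf '%s\n' "$3" > "$1/$1.ext" &&
    openssl x509 -req -in "$1/$1-req.csr" -out "$1/$1-cert.pem" -days 3650 \
        -CA ca/ca-cert.pem -CAkey ca/ca-key.pem -CAcreateserial \
        -extfile "$1/$1.ext" 2>/dev/null
}

# make_pki DIR: build ca/, server/ and client/ under DIR (runs in a subshell).
make_pki() (
    cd "$1" && mkdir -p ca server client || exit 1
    openssl genrsa -out ca/ca-key.pem 2048 2>/dev/null &&
    openssl req -new -key ca/ca-key.pem -subj "$DN/CN=root" -out ca/ca-req.csr &&
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > ca/ca.ext &&
    openssl x509 -req -in ca/ca-req.csr -out ca/ca-cert.pem -days 3650 \
        -signkey ca/ca-key.pem -extfile ca/ca.ext 2>/dev/null &&
    issue server 127.0.0.1 'subjectAltName=IP:127.0.0.1' &&
    issue client client 'extendedKeyUsage=clientAuth' &&
    # Contrast case: the server CSR self-signed with -signkey, CA not involved.
    openssl x509 -req -in server/server-req.csr -out server/self-signed.pem \
        -signkey server/server-key.pem -days 3650 2>/dev/null
)

# chains_to_ca DIR CERT: status 0 only if CERT verifies against DIR/ca/ca-cert.pem.
chains_to_ca() {
    openssl verify -CAfile "$1/ca/ca-cert.pem" "$1/$2" >/dev/null 2>&1
}

# server_has_ip_san DIR: status 0 if the server certificate carries the IP SAN.
server_has_ip_san() {
    openssl x509 -in "$1/server/server-cert.pem" -noout -text |
        grep -q 'IP Address:127.0.0.1'
}

dir=$(mktemp -d)
make_pki "$dir" || echo "certificate generation failed" >&2
for c in server/server-cert.pem client/client-cert.pem server/self-signed.pem; do
    if chains_to_ca "$dir" "$c"; then echo "$c: chains to CA"
    else echo "$c: does not chain to CA"; fi
done
```

The subjectAltName entry matters because current TLS clients match the address against the SAN rather than the Common Name.
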
Original article: https://www.cnblogs.com/jxkshu/p/ca.html