Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

How to generate self-signed Certificate in OpenSSL

2025-03-31 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/01 Report--

This article shows you how to generate a self-signed certificate in OpenSSL, the content is concise and easy to understand, it will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

Generate CA certificate generate private key openssl genrsa-out ca.key 4096

Generate a certificate

Set the-subj option based on your organization or individual. If you use domain name (FQDN) access, you need to set CN as the domain name.

Openssl req-x509-new-nodes-sha512-days 3650\

-subj "/ C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com"\

-key ca.key\

-out ca.crt

Generate server-side certificates

A certificate usually consists of two parts: a .crt file and a .key file, such as the next generated yourdomain.com.crt and yourdomain.com.key.

Generate private key openssl genrsa-out yourdomain.com.key 4096

Generate a certificate signing request file (CSR)

Set the-subj option based on your organization or individual. If you use domain name (FQDN) access, you need to set CN to the domain name and use the domain name as the file name of the private key file and certificate signing request file.

Openssl req-sha512-new\

-subj "/ C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com"\

-key yourdomain.com.key\

-out yourdomain.com.csr

About the-subj option:

-subj is used to set Subject Name

Where C stands for Country or Region

ST stands for State/Province

L stands for Locality

O stands for Organization

OU stands for Organization Unit

CN stands for Common Name

❞generates x509 v3 extension files

Whether you are using a domain name or IP for access, you must use an x509 v3 extension file to generate a domain name certificate that meets the requirements of SAN (Subject Alternative Name) and x509 v3 extension. Map to the domain name by setting the DNS entry.

Cat > v3.ext

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Servers

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report