自签根证书并颁发服务器证书
根证书 Root CA
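# Generate the root CA private key (4096-bit RSA). openssl prompts for a
# passphrase; -aes256 encrypts the key file with AES-256 instead of the
# legacy 3DES that -des3 selects.
# This key can sign a certificate for any name that clients trusting
# rootCA.crt will accept: keep it off the servers that use the issued
# certificates and restrict who can read it.
openssl genrsa -aes256 -out rootCA.key 4096
# Self-sign the root certificate (asks for the passphrase set above).
# -nodes is dropped: it only affects a key that `req` generates itself, so
# with -key it did nothing and wrongly suggested the root key is unencrypted.
# NOTE(review): -days 36500 (~100 years) means the root effectively never
# expires. If rootCA.key is exposed, the only remedy is removing rootCA.crt
# from every trust store it was installed in; choose a shorter lifetime if
# that is hard to do in your environment.
openssl req -x509 -new -key rootCA.key -sha256 -days 36500 -out rootCA.crt -subj "/CN=Root CA"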
生成 服务器私钥
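# Generate the server private key (2048-bit RSA). It is written without a
# passphrase so the server can load it unattended, which makes file
# permissions the only protection for it.
# The subshell sets umask 077 so the file is created owner-only even with
# OpenSSL builds that honour the caller's umask; the umask of the calling
# shell is left untouched.
(umask 077 && openssl genrsa -out wildcard.key 2048)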
配置 主题备用名称
Subject Alternative Name
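# Default openssl.cnf location by platform:
#   Red Hat  /etc/pki/tls/openssl.cnf
#   Debian   /etc/ssl/openssl.cnf
#   Mac      /etc/ssl/openssl.cnf
# Set OPENSSL_CNF to use a different path (e.g. on Red Hat); the default
# matches the path the original command hard-coded.
openssl_cnf=${OPENSSL_CNF:-/etc/ssl/openssl.cnf}
# Copy the system config and append a [SAN] section that both the CSR
# (-reqexts SAN) and the signing step (-extensions SAN) refer to.
# Besides subjectAltName, the section pins the certificate to its purpose:
#   basicConstraints CA:FALSE  -> the leaf cannot be used to issue certificates
#   keyUsage / extendedKeyUsage -> valid for TLS server authentication only
# Note: *.feitsui.com matches exactly one label (a.feitsui.com), not the bare
# feitsui.com; add DNS:feitsui.com to subjectAltName only if the apex is
# actually served with this certificate.
# A brace group replaces the original <( ) process substitution, so the
# command also works in plain POSIX sh.
{
  cat -- "$openssl_cnf"
  printf '\n[SAN]\n'
  printf '%s\n' \
    'subjectAltName=DNS:*.feitsui.com,IP:104.196.243.170' \
    'basicConstraints=critical,CA:FALSE' \
    'keyUsage=critical,digitalSignature,keyEncipherment' \
    'extendedKeyUsage=serverAuth'
} > wildcard.cnf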
生成 证书签名请求
Certificate Signing Request
# Build the certificate signing request from the server key.
# -reqexts SAN copies the [SAN] section of wildcard.cnf into the request.
# Extensions in a CSR are only a request: the signing step sets them again
# via -extfile/-extensions, which is what ends up in the certificate.
openssl req -new -sha256 \
  -config wildcard.cnf -reqexts SAN \
  -key wildcard.key \
  -subj "/CN=*.feitsui.com" \
  -out wildcard.csr
签发 服务器证书
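# Sign the CSR with the root CA (prompts for the rootCA.key passphrase).
# -CAcreateserial writes the serial-number file rootCA.srl next to the CA
#   certificate if it does not exist yet.
# -extfile/-extensions SAN take the extensions from wildcard.cnf; without
#   them the issued certificate would carry no subjectAltName and clients
#   would reject it on hostname verification.
# -days 365 keeps the leaf short-lived; re-issue before it expires.
openssl x509 -req -sha256 -days 365 \
  -in wildcard.csr \
  -CA rootCA.crt -CAkey rootCA.key -CAcreateserial \
  -extfile wildcard.cnf -extensions SAN \
  -out wildcard.crt
# Check the result before deploying it: the chain must verify against the
# root, and the text dump must list the expected "Subject Alternative Name"
# entries under "X509v3 extensions".
openssl verify -CAfile rootCA.crt wildcard.crt
openssl x509 -in wildcard.crt -noout -text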
查看证书签名请求
# Print the CSR in readable form (-noout suppresses the PEM block) to check
# the subject and the requested extensions before it is signed.
openssl req -text -noout -in wildcard.csr