生成CA (勾选Generate Self Signed Certificate)
openssl req -nodes -x509 -sha256 -newkey rsa:4096 -keyout "CA.ABC.LOCAL.key" -out "CA.ABC.LOCAL.crt" -days 365 -subj "/C=CN/ST=ZJ/L=HZ/O=ABC/OU=IT/CN=CA.ABC.LOCAL"
生成CSR证书请求 (不勾选Generate Self Signed Certificate)
openssl req -nodes -sha256 -newkey rsa:4096 -keyout "DC1.ABC.LOCAL.key" -out "DC1.ABC.LOCAL.csr" -subj "/C=CN/ST=ZJ/L=HZ/O=ABC/OU=IT/CN=DC1.ABC.LOCAL"
生成CRT
openssl ca -in DC1.ABC.LOCAL.csr -out DC1.ABC.LOCAL.crt -cert CA.ABC.LOCAL.crt -keyfile CA.ABC.LOCAL.key
CRT + KEY, 生成PFX
openssl pkcs12 -export -inkey DC1.ABC.LOCAL.key -in DC1.ABC.LOCAL.crt -out DC1.ABC.LOCAL.pfx
参考资料:
http://rhythm-zju.blog.163.com/blog/static/310042008015115718637/
http://dingtongxue1990.blog.51cto.com/4959501/1668838
https://raymii.org/s/software/OpenSSL_Command_Generator.html
https://www.myssl.cn/
https://www.chinassl.net/