本文介绍如何在 CentOS 系统中生成自签名 SSL 证书(适用于开发或内网环境)。
1. 检查 OpenSSL
openssl version
如未安装:
yum install -y openssl
2. 生成私钥(server.key)
openssl genrsa -out server.key 2048
3. 生成证书请求(CSR)
openssl req -new -key server.key -out server.csr
填写信息时,Common Name 建议填写 localhost 或服务器 IP。
4. 生成自签名证书(server.crt)
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
5.(推荐)生成支持 SAN 的证书
创建配置文件:
vim openssl.cnf
[req]
default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext x509_extensions = v3_req prompt = no
[req_distinguished_name]
C = CN ST = Shanxi L = Taiyuan O = MyCompany OU = IT CN = localhost
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost IP.1 = 127.0.0.1
生成证书:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt -config openssl.cnf
6. 生成结果
- server.key(私钥)
- server.crt(证书)