苗火 Nicholas
[network] Steps for generating certificates with OpenSSL
2016-3-28 萧
Leaving the principles of SSL aside for now, this post records how to generate the certificates, create the CA, and sign with it:



1.1. Server key

openssl genrsa -des3 -out server.key 2048

PEM pass phrase:123456

1.2. Remove the passphrase from the key

openssl rsa -in server.key -out server.key   # remove the passphrase

pass phrase:123456 [ca password]

1.3. Generate the certificate signing request

openssl req -new -key server.key -out server.csr



2.1. Client key

openssl genrsa -des3 -out client.key 2048

PEM pass phrase:123456

2.2. Remove the passphrase from the key

openssl rsa -in client.key -out client.key   # remove the passphrase

pass phrase:123456 [ca password]

2.3. Generate the certificate signing request

openssl req -new -key client.key -out client.csr



3.1. Generate the CA key

openssl genrsa -des3 -out ca.key 2048

PEM pass phrase:123456

3.2. Remove the passphrase from the key

openssl rsa -in ca.key -out ca.key   # remove the passphrase

pass phrase:123456 [ca password]

3.3. Generate the CA certificate (self-signed)

openssl req -new -x509 -key ca.key -out ca.crt



4.1. A script; I have not looked into what it does

/usr/lib/ssl/misc/CA.pl -newca

:ca.crt

4.2. Sign the certificates with the CA

openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cnf

openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnf
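
A check for the files this procedure produces, added here as an example and not part of the original post: it confirms that each certificate verifies against ca.crt and that it matches its private key. The function names and the throwaway demo CA are constructed for illustration, and the demo signs with openssl x509 -req instead of openssl ca so that it needs no openssl.cnf or demoCA directory.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks for the files
# produced by steps 1-4. All names and subjects below are constructed.

# check_pair CA_CERT CERT KEY
# Returns 0 only if CERT was signed by CA_CERT and KEY is CERT's private key.
check_pair() {
    ca=$1; crt=$2; key=$3
    # 1. Chain: does the certificate verify against the CA certificate?
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: $crt is not signed by $ca"; return 1; }
    # 2. Pairing: the public key in the certificate must equal the one
    #    derived from the private key. "-passin pass:" makes a key that is
    #    still passphrase-protected fail here instead of prompting.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "FAIL: cannot read $key without a passphrase"; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: $key does not match $crt"; return 1; }
    echo "OK: $crt"
}

# make_demo_pki DIR
# Builds a throwaway CA plus server and client certificates in DIR,
# non-interactively, so the checks have something to run on.
make_demo_pki() {
    dir=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=Constructed Demo CA' \
        '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$dir/demo.cnf"
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null || return 1
    openssl req -new -x509 -config "$dir/demo.cnf" -key "$dir/ca.key" \
        -out "$dir/ca.crt" -days 1 || return 1
    for name in server client; do
        openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null || return 1
        openssl req -new -config "$dir/demo.cnf" -subj "/CN=demo-$name" \
            -key "$dir/$name.key" -out "$dir/$name.csr" || return 1
        openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" \
            -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
            -out "$dir/$name.crt" 2>/dev/null || return 1
    done
}

demo=$(mktemp -d) && make_demo_pki "$demo" &&
    check_pair "$demo/ca.crt" "$demo/server.crt" "$demo/server.key" &&
    check_pair "$demo/ca.crt" "$demo/client.crt" "$demo/client.key"
rm -rf "$demo"
```

After steps 1.2, 2.2 and 3.2 the key files are stored unencrypted, so restrict them to their owner (chmod 600) before running check_pair against the real ca.crt, server.crt and client.crt.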


Comments:
2016-03-30 09:52
./mosquitto_sub -h 192.168.0.106 -i 111 -p 8883 -t "111" --cafile /home/nicholas/workspace/project/mosquitto/run/openssl/ca.crt --cert /home/nicholas/workspace/project/mosquitto/run/openssl/client.crt --key /home/nicholas/workspace/project/mosquitto/run/openssl/client.key


./mosquitto_pub -h 192.168.0.106 -p 8883 -t "111" -m "this is nicholas pub" --cafile /home/nicholas/workspace/project/mosquitto/run/openssl/ca.crt --cert /home/nicholas/workspace/project/mosquitto/run/openssl/client.crt --key /home/nicholas/workspace/project/mosquitto/run/openssl/client.key