這是本文件的舊版!
Gen key
openssl genrsa -out cakey.pem 4096
Gen CA
openssl req -x509 -new -nodes -key cakey.pem -days 3650 -out cacert.pem
Gen cert key
openssl genrsa -out key.pem 4096
Gen csr
openssl req -new -key key.pem -out csr.pem -sha256
Gen DH
openssl dhparam -out dh.pem 2048
Self-signed
openssl x509 -req -in csr.pem -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out cert.pem -days 365
Convert to pfx format
openssl pkcs12 -export -out myserver.pfx -inkey myserver.key -in myserver.crt
Verify cert openssl x509 -noout -text -in cert.pem openssl req -noout -text -in
Single cert
openssl genrsa -out bluenet-ride.com.key 4096 openssl req -new -key registry.bluenet-ride.com.key -out registry.bluenet-ride.com.key.csr openssl x509 -req -days 365 -in bluenet-ride.com.csr -signkey bluenet-ride.com.key -out bluenet-ride.com.crt
Convert to PKCS12 format
openssl pkcs12 -inkey bob_key.pem -in bob_cert.cert -export -out bob_pfx.pfx
