Linux Self-Signed CA for a Local Host IP: Secure SSL Certificate for HTTPS
Certificate Directory
Create a directory to store the certificates and enter it:
mkdir certs
cd certs
Become a Certificate Authority (CA)
Generate the root private key:
openssl genrsa -des3 -out ftCA.key 2048
Generate the root certificate:
openssl req -x509 -new -nodes -key ftCA.key -sha256 -days 36500 -out ftCA.pem
Generate a CA-Signed Certificate
Generate the private key:
openssl genrsa -out ft.com.key 2048
Generate the certificate signing request:
openssl req -new -key ft.com.key -out ft.com.csr
Create the extensions configuration file (replace the IP.1 value with your local host IP):
vim ft.com.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = ft.com # Be sure to include the domain name here because Common Name is not so commonly honoured by itself
DNS.2 = bar.ft.com # Optionally, add additional domains (I've added a subdomain here)
IP.1 = 192.168.1.233 # Optionally, add an IP address (if the connection which you have planned requires it)
Generate the signed certificate:
openssl x509 -req -in ft.com.csr -CA ftCA.pem -CAkey ftCA.key -CAcreateserial -out ft.com.crt -days 36500 -sha256 -extfile ft.com.ext
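Remove the Private Key Passphrase
The private key's passphrase must be removed; otherwise the server that uses the key, such as the Nginx web server, will require the passphrase to be entered and cannot be used without it.
Rename the file: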
mv ft.com.key ft.com.key.raw
Remove the private key passphrase:
openssl rsa -in ft.com.key.raw -out ft.com.key
Delete the renamed file:
rm ./ft.com.key.raw
How to Use the Certificate
Chrome Settings
Import the root certificate:
![](https://i0.wp.com/footmark.com.tw/wp-content/uploads/2022/12/dc50fbda26df29519e5f2f1fc43eedf6.png?resize=1024%2C723&ssl=1)
![](https://i0.wp.com/footmark.com.tw/wp-content/uploads/2022/12/26b2099615f7ddff81a12ab5d67d4a69.png?resize=1024%2C726&ssl=1)
![](https://i0.wp.com/footmark.com.tw/wp-content/uploads/2022/12/a9cf71141f622b57022d4dbd32712759.png?resize=519%2C443&ssl=1)
![](https://i0.wp.com/footmark.com.tw/wp-content/uploads/2022/12/1dea9a310d6c706a959f4a03a81bd8eb.png?resize=513%2C432&ssl=1)
![](https://i0.wp.com/footmark.com.tw/wp-content/uploads/2022/12/85b9b4c6a811735df8c8c1fc15d04225.png?resize=513%2C432&ssl=1)
![](https://i0.wp.com/footmark.com.tw/wp-content/uploads/2022/12/9eee5e1dbe9800c66366b12dea523f94.png?resize=513%2C432&ssl=1)
![](https://i0.wp.com/footmark.com.tw/wp-content/uploads/2022/12/1bee410a2ba4bf9f4952a0c7237b996c.png?resize=513%2C432&ssl=1)
![](https://i0.wp.com/footmark.com.tw/wp-content/uploads/2022/12/1af7895d39f6242fdedc73d535e4d65e.png?resize=497%2C402&ssl=1)
![](https://i0.wp.com/footmark.com.tw/wp-content/uploads/2022/12/9aa9420099472688057aa9d57b3c6d7b.png?resize=203%2C178&ssl=1)
![](https://i0.wp.com/footmark.com.tw/wp-content/uploads/2022/12/e7a4b8c6d7fb6f86c0ea9c9cd79aafef.png?resize=519%2C443&ssl=1)
Server Usage
Use these two files on the server:
- ft.com.crt
- ft.com.key
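Before pointing the server at these two files, it is worth confirming that the certificate chains to ftCA.pem, that the IP from ft.com.ext is actually in its subjectAltName, and that the key belongs to the certificate. The script below is an added example, not part of the original post; the function names `check_cert` and `make_demo_pki` are hypothetical. The demo builds constructed, throwaway files with the page's commands (plus `-subj`, no CA passphrase and a 30-day validity so it runs without prompts) and assumes OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): pre-deployment checks.

# check_cert CA_PEM CERT KEY IP -> returns 0 only if all three checks pass
check_cert() {
  ca=$1; crt=$2; key=$3; ip=$4
  # 1. Chain to our CA and IP SAN match, as a client visiting https://<ip>/ needs
  openssl verify -CAfile "$ca" -verify_ip "$ip" "$crt" >/dev/null 2>&1 ||
    { echo "FAIL: not signed by $ca, or $ip missing from subjectAltName"; return 1; }
  # 2. The private key must correspond to the certificate's public key
  [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
    { echo "FAIL: $key does not match $crt"; return 1; }
  # 3. The server certificate must not itself be a CA
  openssl x509 -in "$crt" -noout -text | grep -q 'CA:FALSE' ||
    { echo "FAIL: basicConstraints CA:FALSE missing"; return 1; }
  echo "OK: $crt is valid for $ip"
}

# make_demo_pki DIR IP: constructed throwaway CA and server certificate, built
# with the page's commands plus -subj, no CA passphrase and 30-day validity
# (assumptions so the demo runs without prompts).
make_demo_pki() {
  dir=$1; san_ip=$2
  openssl genrsa -out "$dir/ftCA.key" 2048 2>/dev/null
  openssl req -x509 -new -nodes -key "$dir/ftCA.key" -sha256 -days 30 \
    -subj "/CN=Demo Root CA" -out "$dir/ftCA.pem"
  openssl genrsa -out "$dir/ft.com.key" 2048 2>/dev/null
  openssl req -new -key "$dir/ft.com.key" -subj "/CN=ft.com" -out "$dir/ft.com.csr"
  printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' 'basicConstraints=CA:FALSE' \
    'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
    'subjectAltName = @alt_names' '[alt_names]' 'DNS.1 = ft.com' "IP.1 = $san_ip" \
    > "$dir/ft.com.ext"
  openssl x509 -req -in "$dir/ft.com.csr" -CA "$dir/ftCA.pem" -CAkey "$dir/ftCA.key" \
    -CAcreateserial -out "$dir/ft.com.crt" -days 30 -sha256 \
    -extfile "$dir/ft.com.ext" 2>/dev/null
}

# Demo on constructed files; on a real host, run check_cert inside certs/.
tmp=$(mktemp -d)
make_demo_pki "$tmp" 192.168.1.233
check_cert "$tmp/ftCA.pem" "$tmp/ft.com.crt" "$tmp/ft.com.key" 192.168.1.233
rm -rf "$tmp"
```

On the real files the call is `check_cert ftCA.pem ft.com.crt ft.com.key <your IP.1 value>`, run from the certs directory.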
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Taiwan License.