拷贝openssl.cnf
增加
[ req ]
default_bits = 2048
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
string_mask = utf8only
req_extensions = v3_req # The extensions to add to a certificate request
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = www.aaa.com
DNS.2 = 192.168.1.222
IP.1 = 192.168.1.222
openssl req -new -nodes -keyout server2.key -out server2.csr -config openssl.cnf
openssl x509 -req -in ustack.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out ustack.crt -days 3600 -extfile openssl.cnf -extensions v3_req