1. 生成CA
openssl genrsa -out CA_neonone.com.key 2048 openssl req -x509 -new -nodes -key CA_neonone.com.key -sha256 -days 1024 -out CA_neonone.com.pem
2. 生成csr
openssl genrsa -out neonone.com.key 2048 openssl req -new -key neonone.com.key -out neonone.com.csr
3. 新建v3.ext文件
authorityKeyIdentifier=keyid,issuer extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
4. 生成证书
openssl x509 -req -in neonone.com.csr -CA CA_neonone.com.pem -CAkey CA_neonone.com.key -CAcreateserial -out neonone.com.pem -days 365 -sha256 -extfile v3.ext
5. 转换成pfx
openssl pkcs12 -inkey neonone.com.key -in neonone.com.pem -export -out neonone.com.pfx
6. 导入win7
运行 Certmgr.msc
6.1 导入根证书
6.2 导入客户端证书
7. 上传根证书到aws workspace ad
