linux 自签证书 https (chrome 58版本以上的认证体系方法)

mkdir /opt/ssl_san && cd /opt/ssl_san
mkdir ca cert && cd ca
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 3650 -keyout ca.key -out ca.crt    --3650=10年
cd ../cert/
openssl genrsa -des3 -out server.key 1024
openssl rsa -in server.key -out server.key

cat >san.cfg<<EOF
[ req ]
default_bits = 2048
default_keyfile = server.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CN
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = GD
localityName = Locality Name (eg, city)
localityName_default = SZ
organizationName = Organization Name (eg, company)
organizationName_default = zhuzhi  --自己公司的名称
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = TEST
commonName = CommonName
commonName_default = *.test.fuck.com 
commonName_max = 64
emailAddress = c.ma@ctrip.com
emailAddress_max = 64
emailAddress_default =
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = package.test.fuck.com
DNS.2 = members.test.fuck.com
DNS.3 = m.test.fuck.com
DNS.4 = tours.test.fuck.com
DNS.5 = cruises.test.fuck.com
DNS.6 = imagery.test.fuck.com
DNS.7 = webresource.test.fuck.com
DNS.8 = cuckoo.test.fuck.com
EOF

openssl req -new -days 3650 -key server.key -out server.csr -config san.cfg
openssl x509 -req -days 3650 -in server.csr -CA ../ca/ca.crt -CAkey ../ca/ca.key -CAcreateserial -out server.crt -extensions req_ext -extfile san.cfg
openssl x509 -in server.crt -text -noout | grep DNS  --查看
openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt

原文地址:https://www.cnblogs.com/lsy2013/p/linux.html