截錄如下:
rem CA.key
c:openssl genrsa -out CA.key -des3 -passout pass:PasswordCAKey 4096
rem CA.crt
c:openssl req -x509 -sha256 -new -nodes -days 383 -key CA.key -out CA.crt -passin pass:PasswordCAKey -passout pass:PasswordCACrt -config CAConfig.cnf
rem Cert.key
c:openssl genrsa -out Cert.key -passout pass:PasswordCertKey 2048
rem Cert.csr
c:openssl req -new -sha256 -nodes -key Cert.key -out Cert.csr -passout pass:PasswordCertCsr -config CertConfig.cnf
rem Cert.crt
c:openssl x509 -req -in Cert.csr -CA CA.crt -CAkey CA.key -CAcreateserial -out Cert.crt -days 383 -sha256 -passin pass:PasswordCAKey -extfile v3.ext
BuildCert 執行紀錄:
Certificate request self-signature ok
subject=C = TW, ST = Taiwan, L = Taipei, O = 011IdvTw, OU = WWW011IdvTw, emailAddress = 011netservice@gmail.com, CN = *.011.idv.tw
CA.crt:
notAfter=Jan 1 13:57:15 2024 GMT
sha256 Fingerprint=3F:60:46:8F:9C:3E:C4:98:4F:C0:D6:20:E8:9B:5B:AF:A3:07:4C:81:4C:B4:E1:68:04:F9:50:49:1C:F7:BE:F9
Cert.crt:
notAfter=Jan 1 13:57:16 2024 GMT
sha256 Fingerprint=9C:90:F3:23:69:77:6C:0C:72:9C:04:44:D0:65:C4:A9:64:5C:17:E1:4E:0F:06:FB:B1:F4:4A:E0:6A:F3:3A:0F