创建rsa自签根证书
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt
#查看生成的证书数据
openssl x509 -in ca.crt -text -noout
使用p10签发证书
#查看p10数据
openssl req -in request.p10 -text -noout
#使用request.p10 签发issued_cert.crt证书
openssl x509 -req -in request.p10 -CA ca.crt -CAkey ca.key -CAcreateserial -out issued_cert.crt -days 365 -sha256
#查看证书数据
openssl x509 -in issued_cert.crt -text -noout
签发sm2证书
#查看支持算法
openssl list -public-key-algorithms
#生成sm2私钥
openssl ecparam -genkey -name SM2 -out ca.key
#生成sm2自签根证书
openssl req -x509 -new -key ca.key -sm3 -days 3650 -out ca.crt
#生成子证书
openssl ecparam -genkey -name SM2 -out server.key
#生成子证书请求
openssl req -new -key server.key -sm3 -out server.csr
#签名sm2证书
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365 -sm3
#使用tongsuo编译
export LD_LIBRARY_PATH=/usr/local/tongsuo/lib64:$LD_LIBARAY_PATH
/usr/local/tongsuo/bin/openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365 -sm3
评论区