生成SSL證書

使用openssl生成證書

openssl是目前最流行的SSL密碼庫工具，其提供了一個通用、健壯、功能完備的工具套件，用以支持SSL/TLS協議的實現。

好比生成到：/usr/local/ssl

生成命令

openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /usr/local/ssl/nginx.key -out /usr/local/ssl/nginx.crt

生成過程：

# openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /u    sr/local/ssl/nginx.key -out /usr/local/ssl/nginx.crt
Generating a 2048 bit RSA private key
...............................................................................+    ++
...............+++
writing new private key to '/usr/local/ssl/nginx.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:xxxx
Organizational Unit Name (eg, section) []:xxxx
Common Name (eg, your name or your server's hostname) []:xxxx（通常是域名）
Email Address []:xxxx@xxxx.com

下面是上述命令相關字段含義：

Country ，單位所在國家，爲兩位數的國家縮寫，如： CN 就是中國
State/Province ，單位所在州或省
Locality ，單位所在城市 / 或縣區
Organization ，此網站的單位名稱;
Organization Unit，下屬部門名稱;也經常用於顯示其餘證書相關信息，如證書類型，證書產品名稱或身份驗證類型或驗證內容等;
Common Name ，網站的域名;
Email Address ，郵箱地址

生成結果

在/usr/local/ssl目錄下會生成nginx.crt和nginx.key文件