openssl自签发证书
key crt 自签
DOMAIN=www.example.com
openssl genrsa -out ${DOMAIN}.key # 生成私有key
openssl req -x509 -new -nodes -key ${DOMAIN}.key -subj "/CN=${DOMAIN}" -days 3650 -out ${DOMAIN}.crt #签证
[0 root@vps /tmp] # ll
total 8
-rw-r--r-- 1 root root 1127 Apr 22 20:15 www.example.com.crt
-rw------- 1 root root 1675 Apr 22 20:15 www.example.com.key
DOMAIN=www.example.com
# 生成CA证书
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -subj "/CN=${DOMAIN}" -days 365 -out ca.crt
# 生成harbor主机的证书申请
openssl req -newkey rsa:4096 -nodes -sha256 -subj "/CN=${DOMAIN}" -keyout ${DOMAIN}.key -out ${DOMAIN}.csr
# 给harbor主机颁发证书
openssl x509 -req -in ${DOMAIN}.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out ${DOMAIN}.crt
# 生成pem(见下方式二)
cat ${DOMAIN}.crt ${DOMAIN}.key |tee ${DOMAIN}.pem
[0 root@vps /tmp] # ll
total 24
-rw-r--r-- 1 root root 1818 Apr 22 20:17 ca.crt
-rw------- 1 root root 3272 Apr 22 20:17 ca.key
-rw-r--r-- 1 root root 41 Apr 22 20:17 ca.srl
-rw-r--r-- 1 root root 1700 Apr 22 20:17 www.domain.com.crt
-rw-r--r-- 1 root root 1590 Apr 22 20:17 www.domain.com.csr
-rw------- 1 root root 3272 Apr 22 20:17 www.domain.com.key
pem 自签
# 生成pem证书
openssl genrsa > privkey.pem
openssl req -new -x509 -key privkey.pem > fullchain.pem
# crt key 转化为pem
cat xxx.crt xxx.key |tee xxx.pem
pem 证书转换为 crt key
1. 文件重命名
xx.pem --> xx.crt
xx.key --> xx.key
2. 转化
# pem 转化为 crt
openssl x509 -in fullchain.pem -out fullchain.crt
openssl x509 -in fullchain.pem -out fullchain.crt -outform der
# pem转key格式
openssl rsa -in privkey.pem -out privkey.key
PS:
https://www.ideawu.net/blog/archives/826.html
https://www.cnblogs.com/along21/p/7595912.html
https://blog.51cto.com/u_9843231/2466504 X509证书详解(中文翻译)
转换证书格式
