openssl 生成SSL ca证书 p12信任库、密匙库

#CA根证书
openssl genrsa -des3 -out ca.key 2048
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt

#服务器
openssl genrsa -out server.key 2048
openssl req -new -out server.csr -key server.key
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650

#客户端
openssl genrsa -out client.key 2048
openssl req -new -out client.csr -key client.key -subj "/C=CN/ST=GuangDong/L=ShenZhen/O=Server/OU=Gateway/CN=client cert"
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 3650

#p12信任库
openssl pkcs12 -export -in ca.crt -inkey ca.key -out ca.p12

#p12密匙库
openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12