openssl生成证书
服务端:
openssl genrsa -des3 -out server.key 1024
openssl rsa -in server.key -out server.key
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
客户端:
openssl genrsa -des3 -out client.key 1024
openssl req -new -key client.key -out client.csr
openssl x509 -req -days 365 -in client.csr -signkey client.key -out client.crt
openssl pkcs12 -export -in client.crt -inkey client.key -out client.pfx
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
openssl pkcs12 -in client.p12 -out client.pem -nokeys #客户端个人证书的公钥
openssl pkcs12 -in client.p12 -out key.pem -nocerts -nodes #客户端个人证书的私钥
也可以转换为公钥与私钥合二为一的文件;
openssl pkcs12 -in client.p12 -out clientkey.pem -nodes #客户端公钥与私钥,一起存在all.pem中
openssl dhparam -out dh4096.pem 4096