0x00 ?創(chuàng)建CA私鑰

openssl genrsa -out ca.key.txt -aes256 8192

0x01 ?創(chuàng)建CA證書申請

openssl req -new -key ca.key.txt -out ca.csr ?-config C:\OpenSSL\openssl.cnf

0x02 ?創(chuàng)建CA證書

openssl x509 -req -days 365 -sha512 -in ca.csr -signkey ca.key.txt -out ca.crt

0x03 ?創(chuàng)建服務器私鑰

openssl genrsa -out server.key.txt -aes256 8192

0x04 ?創(chuàng)建服務器證書申請

openssl req -new -key server.key.txt -out server.csr ?-config C:\OpenSSL\openssl.cnf

0x05 ?創(chuàng)建服務器證書

openssl x509 -req -days 3650 -CA ca.crt -CAkey ca.key.txt -CAserial ca.srl -CAcreateserial -in server.csr -out server.crt

0x06 ?創(chuàng)建客戶端私鑰

openssl genrsa -out client.key.txt -aes256 2048

0x07 ?創(chuàng)建客戶端證書申請

openssl req -new -key client.key.txt -out client.csr ?-config C:\OpenSSL\openssl.cnf

0x08 ?創(chuàng)建客戶端證書

openssl x509 -req -days 3650 -sha512 -CA ca.crt -CAkey ca.key.txt -CAserial ca.srl -in client.csr -out client.crt

0x09 ?將客戶端證書轉(zhuǎn)換為PKCS12格式

openssl pkcs12 -export -in client.crt -inkey client.key.txt -out client.pfx