如何使用openssl创建自签名证书？ [英] How to create a self-signed certificate with openssl?

问题描述

我要为嵌入式Linux设备添加https支持。我已经尝试通过以下步骤生成自签名证书：

I'm adding https support to an embedded linux device. I have tried to generate a self-signed certificate with these steps:

openssl req -new > cert.csr
openssl rsa -in privkey.pem -out key.pem
openssl x509 -in cert.csr -out cert.pem -req -signkey key.pem -days 1001
cat key.pem>>cert.pem

，google chrome：

This works, but I get some errors with, for example, google chrome:

这可能不是您要查找的网站！

网站的安全性证书不是信任！

This is probably not the site you are looking for!
The site's security certificate is not trusted!

我错过了什么？

推荐答案

您可以在一个命令中执行此操作：

You can do that in one command:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

如果您不想保护您的私人帐户，您还可以添加 -nodes 键带有密码，否则会提示您输入至少4个字符的密码。 days参数（365）可以用任何数字替换，以影响到期日期。

You can also add -nodes if you don't want to protect your private key with a passphrase, otherwise it will prompt you for "at least a 4 character" password. The days parameter (365) you can replace with any number to affect expiration date. It will then prompt you for things like "Country Name" but you can just hit enter and accept defaults.

自签名证书不会与任何第三方进行验证，除非您将它们先导入浏览器。如果您需要更多安全性，则应使用CA签署的证书。

Self-signed certs are not validated with any third party unless you import them to the browsers previously. If you need more security, you should use a certificate signed by a CA.

这篇关于如何使用openssl创建自签名证书？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！