使用 openssl 自簽 SSL/TLS 憑證

寫在前面: 自簽憑證建議只拿來測試用，其他情境請使用簡單又方便的 Let’s Encrypt / Certbot

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15


# 定義欄位資訊
OPENSSL_COUNTRY="TW"
OPENSSL_STATE="Taiwan"
OPENSSL_LOCATION="Kaohsiung City"
OPENSSL_ORGANIZATION="Calos"
OPENSSL_ORGANIZATION_UNIT="Blog"
OPENSSL_HOST="caloskao.org"

# 產生 subject
OPENSSL_SUBJ="/C=$OPENSSL_COUNTRY/ST=$OPENSSL_STATE/L=$OPENSSL_LOCATION/O=$OPENSSL_ORGANIZATION/OU=$OPENSSL_ORGANIZATION_UNIT/CN=$OPENSSL_HOST"

# 產生憑證
openssl req -new -newkey rsa:4096 -days 3650 \
    -nodes -x509 -subj "$OPENSSL_SUBJ" \
    -keyout $OPENSSL_HOST.key -out $OPENSSL_HOST.pem

將 pem 轉 crt 的指令

1

openssl x509 -outform der -in your-cert.pem -out your-cert.crt

Reference: Create a self-signed certificate using OpenSSL | by Allan Sun | 隨筆雜記