前言
在進行SSL測試之前要先把相關憑證都弄好, 但因為是自己測試
所以就要自己身兼多職, 當ROOT_CA, SUB_CA, SERVER_A, SERVER_B
全部都自己來, 哈
ROOT-CA
產生ROOT CA Certificate
Generate Key Pair
openssl genrsa -aes256 -out root/root.ca.pri.key 4096password: 1234
Generate Root CA Certificate
openssl req -new -x509 -days 365 -sha256 \
-subj "/C=TW/ST=Taipei/O=SuperRootCA/OU=IT/CN=www.superRootCA.com" \
-key root.ca.pri.key \
-out root_ca/root_ca.crtSUB-CA
產生Sub CA Certificate
Generate Key Pair
openssl genrsa -aes256 -out sub.ca.pri.key 4096password: 1234
Generate CSR
openssl req -new -sha256 -key sub.ca.pri.key \
-subj "/C=TW/ST=Taipei/O=ImSubCA/OU=IT/CN=www.subca.com" \
-out sub_ca.csrSend CSR to Root-CA
Received Sub-CA Certificate
openssl x509 -req -CAcreateserial -days 30 -sha256 \
-CA root_ca.crt \
-CAkey root.ca.pri.key \
-in sub_ca.csr \
-out sub_ca.crtServerA
host: localhost:5001
Generate Key Pari
openssl genrsa -out server.a.pri.key 4096Generate CSR
openssl req -new -sha256 -key server.a.pri.key \
-subj "/C=TW/ST=Taipei/O=ImServerA/OU=IT/CN=www.serverA.com" \
-out server_a.csrSend CSR to Sub-CA
Received Server SSL Certificate
openssl x509 -req -CAcreateserial -days 30 -sha256 \
-CA sub_ca.crt \
-CAkey sub.ca.pri.key \
-in server_a.csr \
-out server_a.crtServerB
host: localhost:5002
Generate Key Pari
openssl genrsa -out server.b.pri.key 4096Generate CSR
openssl req -new -sha256 -key server.b.pri.key \
-subj "/C=TW/ST=Taipei/O=ImServerB/OU=IT/CN=www.serverB.com" \
-out server_b.csrSend CSR to Sub-CA
Received Server SSL Certificate
openssl x509 -req -CAcreateserial -days 30 -sha256 \
-CA sub_ca.crt \
-CAkey sub.ca.pri.key \
-in server_b.csr \
-out server_b.crt結語
目前這樣就算把相關憑證都產生完了, 之後就是進行憑證的掛載還有API的測試了