server.crt安装证书到服务器受信人存储
server才的pfx文件, 并输入密码

openssl genrsa -out ca.key
openssl req -out ca.crt -key ca.key -x509 -days 730 -subj "/C=CN/ST=BeiJing/L=BeiJing/O=MyCA/CN=MyCA/emailAddress=10000@qq.com"
CertUtil -addstore root ca.crt
openssl genrsa -out server.key

server.cnf

[req]
prompt = no
distinguished_name = req_distinguished_name_no_prompt

[req_distinguished_name_no_prompt]
countryName            = US
stateOrProvinceName    = California
localityName           = San Francisco
organizationName       = Google
organizationalUnitName = IT
emailAddress           = 10000@qq.com
commonName             = example.com

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = example.com
DNS.2 = *.example.com

openssl req -new -key server.key -out server.csr -config server.cnf
openssl x509 -req -CA ca.crt -CAkey ca.key -in server.csr -out server.crt -CAcreateserial -extfile server.cnf -extensions v3_req

转载请注明：SuperIT » 自签名证书