生成自签名CA证书和https证书 - xiaohao0576/odoo-doc GitHub Wiki

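#!/bin/bash
#
# Generate a private root CA and a CA-signed wildcard HTTPS server certificate
# in the current directory.
#
# Outputs: ca.key, ca.crt, server.key, server.crt
# Re-running overwrites all four files, including the CA key.
#
# ca.key is written unencrypted. Whoever can read it can issue certificates
# that every machine trusting ca.crt will accept, so keep it off servers and
# shared hosts; only server.key and server.crt need to be deployed.

# Stop at the first failing step so a partial run never ends with the
# completion message or signs with a missing/stale input.
set -euo pipefail

# Remove intermediate files on every exit path, including failures.
cleanup() {
  rm -f -- server.csr server.ext ca.srl
}
trap cleanup EXIT

# CA private key (RSA 4096). Restrict it to the owner regardless of the
# umask or of a pre-existing file with looser permissions.
openssl genrsa -out ca.key 4096
chmod 600 ca.key

# Self-signed CA root certificate, valid for 10240 days.
# NOTE(review): the root's X.509 extensions come from the local openssl.cnf;
# confirm CA:TRUE with `openssl x509 -in ca.crt -noout -text`.
openssl req -x509 -new -nodes -key ca.key -sha256 -days 10240 -out ca.crt -subj "/CN=HoganTech CA"

# Server private key (RSA 2048), owner-only as well.
openssl genrsa -out server.key 2048
chmod 600 server.key

# Certificate signing request (CSR) for the wildcard name.
openssl req -new -key server.key -out server.csr -subj "/CN=*.hogantech.net"

# Extension file for the leaf certificate. TLS clients match hostnames
# against subjectAltName, so the names must be listed here, not only in CN.
# keyUsage/extendedKeyUsage are limited to what an HTTPS server needs.
# The wildcard covers one label below hogantech.net but not the bare domain;
# add a further DNS.n entry if the apex must be served too.
cat > server.ext << 'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.hogantech.net
IP.1 = 127.0.0.1
EOF

# Sign the server certificate with the CA.
# Some TLS clients cap the validity they accept for server certificates
# (Apple platforms document an 825-day limit); lower -days if they must connect.
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650 -sha256 -extfile server.ext

# Fail here, not at deployment time, if the new certificate does not chain
# to the new CA.
openssl verify -CAfile ca.crt server.crt

echo "证书生成完成。"
echo "CA 根证书: ca.crt"
echo "服务器私钥: server.key"
echo "服务器证书: server.crt"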

导入自签名 ca.crt 证书到 Linux Mint 操作系统(只需复制 ca.crt,不要复制 ca.key;导入后本机会信任该 CA 签发的所有证书)

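# Install only the public CA certificate (never ca.key) into the local trust
# anchor directory; update-ca-certificates picks up files ending in .crt.
# install -m 0644 fixes the mode so non-root processes can read the anchor
# even if ca.crt was created under a restrictive umask.
sudo install -m 0644 ca.crt /usr/local/share/ca-certificates/ca.crt

# Rebuild the system bundle. From here on this machine accepts any
# certificate signed by ca.key, for any hostname.
# To withdraw that trust: delete the file above and run
#   sudo update-ca-certificates --fresh
sudo update-ca-certificates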