使用 OpenSSL 建立 Self-Signed Certificate

以 Windows 系統為例,開發環境已安裝 Git,直接使用 Git 的 OpenSSL,路徑 C:\Program Files\Git\usr\bin\openssl.exe,版本 3.1.1

建立憑證

建立 test.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
[req]
default_md = sha256
default_bits = 2048
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
prompt = no

[req_distinguished_name]
C = TW
ST = Taiwan
L = New Taipei
O = Test Inc.
OU = IT Department
CN = localhost
emailAddress = [email protected]

[v3_ca]
subjectAltName = @subject_alt_names
extendedKeyUsage = serverAuth

[subject_alt_names]
DNS.1 = *.test.com

建立 .key.crt

1
"C:\Program Files\Git\usr\bin\openssl.exe" req -x509 -new -newkey rsa -noenc -utf8 -days 30 -keyout C:\Projects\Certificates\test.key -out C:\Projects\Certificates\test.crt -config C:\Projects\Certificates\test.conf

建立 .pfx

1
"C:\Program Files\Git\usr\bin\openssl.exe" pkcs12 -export -in C:\Projects\Certificates\test.crt -inkey C:\Projects\Certificates\test.key -out C:\Projects\Certificates\test.pfx -name "Test Certificate"

OpenSSL