SSL自建证书

ssl证书生成

1
2
3
4
5
6
openssl genrsa -out harbor_server.key 2048
openssl req -new -out harbor_server.csr -key harbor_server.key -config openssl.cnf
openssl x509 -req -days 36500 -in harbor_server.csr -signkey harbor_server.key -out harbor_server.crt -extensions v3_req -extfile openssl.cnf

# docker 需要这种格式
openssl x509 -inform PEM -in harbor_server.crt  -out harbor_server.cert

参考openssl.cnf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
[req]
distinguished_name = harbor  #对应下方[hyjj]
req_extensions = harbor_req  #对应下方[hyjj_req]

[hyjj]
countryName = Country Name (2 letter code)
countryName_default = CN
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = SD
localityName = Locality Name (eg, city)
localityName_default = JiNan
organizationalUnitName  = Organizational Unit Name (eg, section)   
organizationalUnitName_default  = He Yan Jiu Ji
commonName = harbor.hyjj.com
commonName_max  = 64

[hyjj_req]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = harbor.xxiao.com
IP.1 = 192.168.1.1

win安装脚本

certmgr.exe需要预先下载

certmgr.exe

1
2
3
4
5
6
7
8
9
10
@echo off

%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit

cd /d "%~dp0"

.\certmgr.exe -add .\harbor_server.crt -c -s -r localMachine TrustedPublisher
.\certmgr.exe -add .\harbor_server.crt -c -s -r localMachine Root
pause

工作记录
#SSL #证书
SSL自建证书
http://xxiao.top/2023/12/08/SSL自建证书/
作者
XiaoXiao
发布于
2023年12月8日
许可协议