
Generating Enterprise-Grade Certificates with Cfssl

Cloudflare Cfssl usage

Official Docs: https://github.com/cloudflare/cfssl

Compiling and installing

git clone https://github.com/cloudflare/cfssl.git
cd cfssl
make

Generating certificate

# Generating CA config.
#cfssl print-defaults config > config.json
# or ↓↓↓
cat <<-'EOF' > config.json
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "myapp1": {
        "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ],
        "expiry": "87600h"
      }
    }
  }
}
EOF

# Generating CA certificate signing request.
#cfssl print-defaults csr > ca-csr.json
# or ↓↓↓
cat <<-'EOF' > ca-csr.json
{
    "CN": "WL4G Root Certificate Authority",
    "CA": {
        "expiry": "87600h",
        "pathlen": 0
    },
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C":  "US",
            "L":  "San Francisco 12th street",
            "O":  "WL4G Company, Inc.",
            "OU": "WWW Dept",
            "ST": "California"
        }
    ]
}
EOF

# Generating certificate signing request.
cat <<-'EOF' > csr.json
{
    "hosts": [
        "example.com",
        "www.n1.example.com",
        "https://www.n1.example.com",
        "jdoe@example.com",
        "127.0.0.1"
    ],
    "CN": "example.com",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C":  "CN",
            "L":  "GuangZhou TianHe 6th street",
            "O":  "My Company, Inc.",
            "OU": "My Dept",
            "ST": "GuangDong"
        }
    ]
}
EOF

# Generating CA Root certificate
cfssl genkey -initca ca-csr.json | cfssljson -bare ca

# Generating certificate signing request and private key
#cfssl genkey ca-csr.json

# Generating certificate
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=config.json -profile=myapp1 csr.json | cfssljson -bare myapp1

# Print certificate
openssl x509 -in ca.pem -noout -text
# "cfssljson -bare myapp1" above writes myapp1.pem, myapp1-key.pem and myapp1.csr
openssl x509 -in myapp1.pem -noout -text
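
Added example (not from the original post or the cfssl project): a Go program that shows which subjectAltName type each entry in the "hosts" list of csr.json becomes, assuming cfssl tries IP address, then e-mail address, then URI, and falls back to a DNS name. TLS clients match host names only against DNS and IP entries, so an entry written as a URL does not by itself make the certificate valid for that host name. The names sanKind, classifyHosts and csrJSON are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"net/mail"
	"net/url"
)

// csrJSON is a constructed copy of the CN and hosts list from csr.json above.
const csrJSON = `{"CN": "example.com", "hosts": ["example.com", "www.n1.example.com",
  "https://www.n1.example.com", "jdoe@example.com", "127.0.0.1"]}`

// sanKind reports which subjectAltName type a hosts entry would become.
// Assumed precedence: IP address, e-mail address, URI, otherwise DNS name.
func sanKind(host string) string {
	if net.ParseIP(host) != nil {
		return "IP"
	}
	if a, err := mail.ParseAddress(host); err == nil && a != nil {
		return "email"
	}
	if u, err := url.ParseRequestURI(host); err == nil && u != nil {
		return "URI"
	}
	return "DNS"
}

// classifyHosts parses a cfssl CSR request and groups its hosts by SAN type.
func classifyHosts(raw string) (map[string][]string, error) {
	var req struct {
		Hosts []string `json:"hosts"`
	}
	if err := json.Unmarshal([]byte(raw), &req); err != nil {
		return nil, err
	}
	out := map[string][]string{}
	for _, h := range req.Hosts {
		k := sanKind(h)
		out[k] = append(out[k], h)
	}
	return out, nil
}

func main() {
	sans, err := classifyHosts(csrJSON)
	fmt.Println(sans, err)
}
```

Compare the result with the "X509v3 Subject Alternative Name" section printed by openssl x509 -in myapp1.pem -noout -text.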

FAQ

Refer
