====== 给 localhost 添加CA证书 ======
参考 [[https://majing.io/posts/10000050311000]]
- 在 Ubuntu 18.04 上执行
openssl rand -writerand ~/.rnd
openssl req -x509 -nodes -new -sha256 -days 10240 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=US/CN=WSS-Root-CA"
openssl x509 -outform pem -in RootCA.pem -out RootCA.crt
生成根证书
- 创建文件 domains.ext, 写入以下内容
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = oakfire-wss.local
- 继续执行
openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=CN/ST=Tianjin/L=Tianjin/O=Oakfire-Wss-Certificates/CN=localhost.local"
openssl x509 -req -sha256 -days 10240 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out localhost.crt
- 拷贝 localhost.key, localhost.crt 作为站点证书
- 在 win10 上右键 RootCA.crt 导入 【受信任的根证书颁发机构】, 重启 chrome。 win7 打开''certmgr.msc'' 或 ''certlm.msc'' 来导入。