参考 https://majing.io/posts/10000050311000
openssl rand -writerand ~/.rnd openssl req -x509 -nodes -new -sha256 -days 10240 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=US/CN=WSS-Root-CA" openssl x509 -outform pem -in RootCA.pem -out RootCA.crt
生成根证书
authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = localhost DNS.2 = oakfire-wss.local
openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=CN/ST=Tianjin/L=Tianjin/O=Oakfire-Wss-Certificates/CN=localhost.local" openssl x509 -req -sha256 -days 10240 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out localhost.crt
certmgr.msc
或 certlm.msc
来导入。