给 localhost 添加CA证书

参考 https://majing.io/posts/10000050311000

1. 在 Ubuntu 18.04 上执行

   openssl rand -writerand ~/.rnd
    
   openssl req -x509 -nodes -new -sha256 -days 10240 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=US/CN=WSS-Root-CA"
    
   openssl x509 -outform pem -in RootCA.pem -out RootCA.crt

   生成根证书

2. 创建文件 domains.ext， 写入以下内容

   authorityKeyIdentifier=keyid,issuer
   basicConstraints=CA:FALSE
   keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
   subjectAltName = @alt_names
   [alt_names]
   DNS.1 = localhost
   DNS.2 = oakfire-wss.local

3. 继续执行

   openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=CN/ST=Tianjin/L=Tianjin/O=Oakfire-Wss-Certificates/CN=localhost.local"
    
   openssl x509 -req -sha256 -days 10240 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out localhost.crt

4. 拷贝 localhost.key, localhost.crt 作为站点证书
5. 在 win10 上右键 RootCA.crt 导入 【受信任的根证书颁发机构】, 重启 chrome。 win7 打开certmgr.msc 或 certlm.msc 来导入。