给 localhost 添加CA证书
参考 https://majing.io/posts/10000050311000
- 在 Ubuntu 18.04 上执行
openssl rand -writerand ~/.rnd openssl req -x509 -nodes -new -sha256 -days 10240 -newkey rsa:2048 -keyout RootCA.key -out RootCA.pem -subj "/C=US/CN=WSS-Root-CA" openssl x509 -outform pem -in RootCA.pem -out RootCA.crt
生成根证书
- 创建文件 domains.ext, 写入以下内容
authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = localhost DNS.2 = oakfire-wss.local
- 继续执行
openssl req -new -nodes -newkey rsa:2048 -keyout localhost.key -out localhost.csr -subj "/C=CN/ST=Tianjin/L=Tianjin/O=Oakfire-Wss-Certificates/CN=localhost.local" openssl x509 -req -sha256 -days 10240 -in localhost.csr -CA RootCA.pem -CAkey RootCA.key -CAcreateserial -extfile domains.ext -out localhost.crt
- 拷贝 localhost.key, localhost.crt 作为站点证书
- 在 win10 上右键 RootCA.crt 导入 【受信任的根证书颁发机构】, 重启 chrome。 win7 打开
certmgr.msc
或certlm.msc
来导入。