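WoSign's free certificates can't take an IP address; I tried it.
Also, port 80 is blocked by the ISP while 443 works. I had already finished configuring apache2, and https://xxx.3322.org/3322.org.html was reachable from outside, but the validation just wouldn't pass. Later I had a friend put it on his hosted server and pointed the DDNS at his server, and that got it through.
If you want both the IP and the DDNS domain name to work, you can sign the certificate yourself. I added the internal IPs of my usual router (OpenWrt), Linux download box and NAS, imported my own CA, and all the errors went away.
Create a new config file, server_key.cnf, with the contents between the dashed lines: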
-----------------------------------
[req]
distinguished_name = req_name
req_extensions = v3_req
[req_name]
countryName = Country Name (2 letter code)
countryName_default = CN
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = FJ
localityName = Locality Name (eg, city)
localityName_default = FZ
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Home
commonName = Common Name (hostname, IP, or your name)
commonName_default = My Server Certificate
commonName_max = 64
[v3_req]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = xxxx.3322.org
DNS.2 = xxxx.vicp.net
IP.1 = 192.168.1.1
IP.2 = 192.168.1.2
IP.3 = 192.168.1.3
IP.4 = 192.168.1.130
IP.5 = 127.0.0.1
-----------------------------------
Run on the command line:
openssl genrsa -des3 -out ca.key 2048
openssl req -new -key ca.key -out ca.csr
openssl x509 -days 3650 -sha256 -signkey ca.key -in ca.csr -req -out ca.crt
openssl genrsa -out server.key 2048
openssl req -new -sha256 -out server.csr -key server.key -config server_key.cnf
openssl req -text -noout -in server.csr
openssl x509 -req -days 3650 -sha256 -CA ca.crt -CAkey ca.key -set_serial 01 -in server.csr -out server.crt \
-extensions v3_req -extfile server_key.cnf
cat server.key server.crt > server.pem  # Generate the PEM file for Apache
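Added example, not part of the original post: a script that signs the same CSR with and without `-extensions v3_req -extfile`, then checks which certificate actually carries the SAN entries and whether it chains to the CA. It assumes a throwaway CA created with `openssl req -x509` and an explicit `CA:TRUE` section, unencrypted keys, a 30-day lifetime, and the hypothetical file name `demo.cnf`.

```shell
#!/bin/sh
# Added example: throwaway CA + server cert in a temp dir (names are the post's placeholders).
# Keys are unencrypted so the script runs unattended; use a passphrase on a real CA key.
make_demo_certs() {   # $1 = empty work directory
  d=$1
  cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
req_extensions = v3_req
[dn]
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = xxxx.3322.org
IP.1 = 192.168.1.1
EOF
  openssl genrsa -out "$d/ca.key" 2048 2>/dev/null &&
  openssl req -x509 -new -sha256 -days 30 -key "$d/ca.key" -subj "/CN=Demo Home CA" \
    -config "$d/demo.cnf" -extensions v3_ca -out "$d/ca.crt" &&
  openssl genrsa -out "$d/server.key" 2048 2>/dev/null &&
  openssl req -new -sha256 -key "$d/server.key" -subj "/CN=My Server Certificate" \
    -config "$d/demo.cnf" -out "$d/server.csr" &&
  # Signed without -extfile: the SAN requested in the CSR is not copied into the certificate.
  openssl x509 -req -days 30 -sha256 -CA "$d/ca.crt" -CAkey "$d/ca.key" -set_serial 01 \
    -in "$d/server.csr" -out "$d/nosan.crt" 2>/dev/null &&
  # Signed as in the post: -extensions/-extfile write the SAN into the certificate.
  openssl x509 -req -days 30 -sha256 -CA "$d/ca.crt" -CAkey "$d/ca.key" -set_serial 02 \
    -in "$d/server.csr" -extensions v3_req -extfile "$d/demo.cnf" -out "$d/server.crt" 2>/dev/null
}
cert_has_san() {      # $1 = certificate, $2 = entry such as "DNS:name" or "IP Address:1.2.3.4"
  openssl x509 -noout -text -in "$1" | grep -A1 'Subject Alternative Name' |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq -- "$2"
}
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }   # $1 = CA cert, $2 = leaf

tmp=$(mktemp -d) && make_demo_certs "$tmp" || exit 1
trap 'rm -rf "$tmp"' EXIT
for c in nosan.crt server.crt; do
  cert_has_san "$tmp/$c" "IP Address:192.168.1.1" \
    && echo "$c: SAN present" || echo "$c: SAN missing"
done
chain_ok "$tmp/ca.crt" "$tmp/server.crt" && echo "server.crt chains to ca.crt"
```

Running `cert_has_san` against the real server.crt for every name and address clients will use shows whether the `-extensions v3_req -extfile server_key.cnf` part of the signing command took effect.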