生成SSL证书

使用openssl生成证书

openssl是目前最流行的SSL密码库工具，其提供了一个通用、健壮、功能完备的工具套件，用以支持SSL/TLS协议的实现。

好比生成到：/usr/local/ssl

生成命令

openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /usr/local/ssl/nginx.key -out /usr/local/ssl/nginx.crt

生成过程：

# openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /u    sr/local/ssl/nginx.key -out /usr/local/ssl/nginx.crt
Generating a 2048 bit RSA private key
...............................................................................+    ++
...............+++
writing new private key to '/usr/local/ssl/nginx.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:xxxx
Organizational Unit Name (eg, section) []:xxxx
Common Name (eg, your name or your server's hostname) []:xxxx（通常是域名）
Email Address []:xxxx@xxxx.com

下面是上述命令相关字段含义：

Country ，单位所在国家，为两位数的国家缩写，如： CN 就是中国
State/Province ，单位所在州或省
Locality ，单位所在城市 / 或县区
Organization ，此网站的单位名称;
Organization Unit，下属部门名称;也经常用于显示其余证书相关信息，如证书类型，证书产品名称或身份验证类型或验证内容等;
Common Name ，网站的域名;
Email Address ，邮箱地址

生成结果

在/usr/local/ssl目录下会生成nginx.crt和nginx.key文件