拷贝openssl.cnf

增加

[ req ]

default_bits = 2048
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert

 

string_mask = utf8only

req_extensions = v3_req # The extensions to add to a certificate request

 

[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

 

[ alt_names ]
DNS.1 = www.aaa.com
DNS.2 = 192.168.1.222
IP.1 = 192.168.1.222

 

openssl req -new -nodes -keyout server2.key -out server2.csr -config openssl.cnf

openssl x509 -req -in ustack.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out ustack.crt -days 3600 -extfile openssl.cnf -extensions v3_req