Generate a self-signed certificate
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout key.pem -out cert.pem -days 3650
Linux download
https://www.openssl.org/source/
Windows download
https://slproweb.com/products/Win32OpenSSL.html
Procedure
Generate the private key and CSR
D:\key>openssl.exe req -new -newkey rsa:2048 -nodes -keyout Wildcard.key -out Wildcard.csr
Generating a RSA private key
.................................+++++
....+++++
writing new private key to 'Wildcard.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taiwan
Locality Name (eg, city) []:Taichung
Organization Name (eg, company) [Internet Widgits Pty Ltd]:english company name
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:*.domain.name
Email Address []:whocare@who.who
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:P@ssw0rd
An optional company name []:
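==================================
Send the CSR to the certificate authority to have the certificate issued
You receive back:
root.cer   root certificate
server.cer   server (primary) certificate
uca_1.cer   chain certificate 1
uca_2.cer   chain certificate 2
Merge the chain certificates
copy uca_2.cer+uca_1.cer chain.cer
Convert the certificate to PFX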
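D:\key>openssl pkcs12 -export -out Wildcard.pfx -inkey Wildcard.key -in server.cer -certfile root.cer -certfile chain.cer
Enter Export Password: (your chosen PFX password)
Verifying - Enter Export Password: (your chosen PFX password)
Note: openssl pkcs12 uses only the last -certfile option given, so with the command above only the certificates in chain.cer are added next to server.cer. To include root.cer as well, append it to chain.cer and pass that single file.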
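
Added example, not part of the original note: shell pre-flight checks that confirm Wildcard.key belongs to server.cer and that server.cer verifies to root.cer through chain.cer before the PFX is built, plus a count of the certificates that actually ended up in the PFX. It assumes a POSIX shell with the openssl CLI and its default configuration file; the function names, the example.test domain, the demo-only password and the throwaway CA (with a single intermediate) built by make_demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks before packaging a PFX. File names follow
# the page; the CA and certificates built by make_demo are constructed test data.

# SHA-256 of the public key inside a private key file / inside a certificate.
key_fp() { p=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$p" | openssl sha256 | awk '{print $NF}'; }
cert_fp() { p=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$p" | openssl sha256 | awk '{print $NF}'; }

# check_bundle KEY CERT ROOT CHAIN
# 0: KEY matches CERT and CERT verifies to ROOT through CHAIN
# 1: key unreadable or not the certificate's key   2: chain does not verify
check_bundle() {
    k=$(key_fp "$1") && c=$(cert_fp "$2") && [ "$k" = "$c" ] || return 1
    openssl verify -CAfile "$3" -untrusted "$4" "$2" >/dev/null 2>&1 || return 2
}

# pfx_cert_count PFX PASSWORD: how many certificates the PFX really contains.
pfx_cert_count() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# make_demo DIR: build a throwaway root, one intermediate and a wildcard leaf.
make_demo() (
    cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    printf 'subjectAltName=DNS:*.example.test\n' > leaf.ext
    openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.cer \
        -subj '/CN=Demo Root' -days 1 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -keyout uca_1.key -out uca_1.csr \
        -subj '/CN=Demo Intermediate' 2>/dev/null
    openssl x509 -req -in uca_1.csr -CA root.cer -CAkey root.key -CAcreateserial \
        -extfile ca.ext -out uca_1.cer -days 1 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -keyout Wildcard.key -out Wildcard.csr \
        -subj '/CN=*.example.test' 2>/dev/null
    openssl x509 -req -in Wildcard.csr -CA uca_1.cer -CAkey uca_1.key -CAcreateserial \
        -extfile leaf.ext -out server.cer -days 1 2>/dev/null
    cp uca_1.cer chain.cer                       # chain file as in the merge step
    openssl genrsa -out other.key 2048 2>/dev/null   # unrelated key for the mismatch case
    openssl pkcs12 -export -out Wildcard.pfx -inkey Wildcard.key -in server.cer \
        -certfile chain.cer -passout pass:demo-only
)

# Run with the argument "demo" to exercise the checks on the constructed files.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_demo "$d" && cd "$d" &&
    check_bundle Wildcard.key server.cer root.cer chain.cer && pfx_cert_count Wildcard.pfx demo-only
fi
```

On the real files, run check_bundle Wildcard.key server.cer root.cer chain.cer before the pkcs12 -export step and treat any non-zero status as a reason not to build the PFX.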