For an experiment, I needed to manually create a CA certificate plus client and server certificates. The steps are summarized below.
Over the last two days I read up on how to create certificates, and found that many of the guides on the Internet are incomplete and not fully operable.
I currently know of the following tools for creating certificates:
1. keytool
Cannot create a CA certificate.
2. createcert.exe from Sybase ASA
It seems that it cannot create a PKCS12 certificate.
3. OpenSSL
The most powerful of these.
Therefore, only OpenSSL is covered here.
After installing OpenSSL-Win32 to d:\tools, modify the configuration file d:\tools\OpenSSL-Win32\bin\openssl.cfg
Find:
[ CA_default ]
dir = $ENV::OPENSSL_HOME/CA # Where everything is kept
The original value is ./demoCA.
It is better to use an absolute path, here the d:\tools\OpenSSL-Win32\CA directory.
Then make some preparations: create the sub-directories and the index and serial files that are needed before certificates can be created.
The complete batch script is as follows:
@echo off
rem OPENSSL_HOME is also read by openssl.cfg (dir = $ENV::OPENSSL_HOME/CA)
set OPENSSL_HOME=d:\tools\OpenSSL-Win32
set PATH=%OPENSSL_HOME%\bin;%PATH%
mkdir %OPENSSL_HOME%\CA
cd /d %OPENSSL_HOME%\CA
echo "create subdir certs"
mkdir certs
mkdir newcerts
mkdir private
mkdir crl
echo "create file: index and serial"
rem index.txt must start out empty, otherwise "openssl ca" cannot parse it
type nul > index.txt
rem redirection written first so that the digits are not taken as a handle number
>serial echo 01
echo "create rand file"
openssl rand -out private/.rand 1000
@rem echo %random% >> private/.rand

@echo off
set PATH=d:\tools\Openssl-Win32\bin;%PATH%
echo create private key for rootca
@rem the password, set it as 123456
openssl genrsa -aes256 -out private/ca.key.pem 2048
echo generate root ca request
openssl req -new -key private/ca.key.pem -out private/ca.csr -subj "/C=CN/ST=BJ/L=BJ/O=zlex/OU=zlex/CN=*.sql9.com"
echo create root ca cert
rem -extfile is required: without it, x509 ignores -extensions and the root gets no CA:TRUE
rem SHA-1 signatures are rejected by current TLS stacks, so sign with SHA-256
openssl x509 -req -days 10000 -sha256 -extfile %OPENSSL_HOME%\bin\openssl.cfg -extensions v3_ca -signkey private/ca.key.pem -in private/ca.csr -out certs/ca.cer
echo convert the cert from cer into PKCS12
openssl pkcs12 -export -clcerts -in certs/ca.cer -inkey private/ca.key.pem -out certs/ca.p12
echo use keytool can query the pkcs12 cert status
keytool -list -keystore certs/ca.p12 -storetype pkcs12 -v -storepass 123456
echo create server ca
openssl genrsa -aes256 -out private/server.key.pem 2048
openssl req -new -key private/server.key.pem -out private/server.csr -subj "/C=CN/ST=BJ/L=BJ/O=zlex/OU=zlex/CN=www.sql9.com"
openssl x509 -req -days 3650 -sha256 -extfile %OPENSSL_HOME%\bin\openssl.cfg -extensions v3_req -CA certs/ca.cer -CAkey private/ca.key.pem -CAserial ca.srl -CAcreateserial -in private/server.csr -out certs/server.cer
openssl pkcs12 -export -clcerts -inkey private/server.key.pem -in certs/server.cer -out certs/server.p12
echo create client ca
openssl genrsa -aes256 -out private/client.key.pem 2048
openssl req -new -key private/client.key.pem -out private/client.csr -subj "/C=CN/ST=BJ/L=BJ/O=zlex/OU=zlex/CN=sql9"
openssl ca -days 3650 -in private/client.csr -out certs/client.cer -cert certs/ca.cer -keyfile private/ca.key.pem
openssl pkcs12 -export -clcerts -inkey private/client.key.pem -in certs/client.cer -out certs/client.p12
rem cp is not available in cmd.exe; xcopy copies the whole directory
xcopy /e /i certs certs.new
The certs.new directory will eventually contain all the certificates we want.
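
A follow-up check for the files the script produces, added here as an example and not part of the original post. It assumes OPENSSL_HOME is set as above and the script has already been run; the FAIL variable and the messages are this example's own.

```batch
@echo off
rem Added example: sanity-check the CA, server and client certificates.
setlocal
set PATH=%OPENSSL_HOME%\bin;%PATH%
cd /d "%OPENSSL_HOME%\CA" || exit /b 1
set FAIL=0

rem 1. All expected output files exist.
for %%f in (ca.cer server.cer client.cer ca.p12 server.p12 client.p12) do (
    if not exist certs\%%f (
        echo MISSING: certs\%%f
        set FAIL=1
    )
)

rem 2. Both leaf certificates chain to the root CA.
rem    Match on ": OK" because old OpenSSL builds exit 0 even when verify fails.
for %%c in (server client) do (
    openssl verify -CAfile certs\ca.cer certs\%%c.cer | findstr /c:": OK" >nul
    if errorlevel 1 (
        echo FAIL: certs\%%c.cer does not verify against certs\ca.cer
        set FAIL=1
    )
)

rem 3. The root must carry basicConstraints CA:TRUE.
rem    It is missing when x509 -req is run with -extensions but no -extfile.
openssl x509 -in certs\ca.cer -noout -text | findstr /c:"CA:TRUE" >nul
if errorlevel 1 (
    echo FAIL: ca.cer has no CA:TRUE basic constraint
    set FAIL=1
)

rem 4. Leaf certificates must not be CAs and must not use SHA-1 signatures.
for %%c in (server client) do (
    openssl x509 -in certs\%%c.cer -noout -text | findstr /c:"CA:TRUE" >nul
    if not errorlevel 1 (
        echo FAIL: %%c.cer is marked as a CA
        set FAIL=1
    )
    openssl x509 -in certs\%%c.cer -noout -text | findstr /i /c:"sha1With" >nul
    if not errorlevel 1 (
        echo FAIL: %%c.cer uses a SHA-1 signature
        set FAIL=1
    )
)

if %FAIL%==0 (echo All checks passed) else (echo One or more checks failed)
exit /b %FAIL%
```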