1. First, generate the server-side private key (key file):
openssl genrsa -des3 -out server.key 1024
2. Remove the passphrase from the key file:
openssl rsa -in server.key -out server.key
3. Generate the server-side certificate signing request (CSR):
openssl req -new -key server.key -out server.csr -config /etc/ssl/openssl.cnf
4. Use the same commands to generate the key and CSR files for the client:
openssl genrsa -des3 -out client.key 1024
openssl req -new -key client.key -out client.csr -config /etc/ssl/openssl.cnf
5. CSR files must be signed by a CA to become certificates. You can send the file to VeriSign or a similar authority to have it verified, which costs a large sum of money, so why not act as the CA yourself?
openssl req -new -x509 -keyout ca.key -out ca.crt -config /etc/ssl/openssl.cnf
6. mkdir demoCA && cd demoCA && mkdir newcerts && touch index.txt && echo "01" > serial && cd ..
7. Sign the requests with the CA certificate you generated:
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config /etc/ssl/openssl.cnf
openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config /etc/ssl/openssl.cnf
8. Problem: OpenSSL reports TXT_DB error number 2
failed to update database
Method one: modify index.txt.attr under demoCA
unique_subject = yes: change yes to no
Method two: delete index.txt under demoCA, then touch it again
Method three: set the common name to a different value
9. The path to openssl.cnf must be written correctly.
10. All the files we need have now been generated.
Other:
The files used by the client are: ca.crt, client.crt, client.key
The files used by the server are: ca.crt, server.crt, server.key
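
The steps above as a non-interactive script, added here as an example and not part of the original page: it builds the demoCA layout, signs a server and a client request, and lets you see that a second request with an already-issued common name is refused until unique_subject is set to no in index.txt.attr. The file pki.cnf, the function names, the *.example.test names, the 2048-bit unencrypted keys and the -batch/-subj options are assumptions made so it runs unattended; the page itself uses /etc/ssl/openssl.cnf and 1024-bit keys.

```shell
#!/bin/sh
# Added example with constructed names; run it only in a throwaway directory.
# Order of use: make_pki DIR, then new_csr / sign_csr / chain_ok per certificate.
make_pki() {  # $1 = empty working directory; creates demoCA layout and the CA
  cd "$1" || return 1
  cat > pki.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./demoCA
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
default_md = sha256
default_days = 30
policy = policy_any
unique_subject = yes
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  mkdir -p demoCA/newcerts && touch demoCA/index.txt && echo 01 > demoCA/serial
  openssl req -new -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
    -subj "/CN=Example Test CA" -days 30 -config pki.cnf 2>/dev/null
}
new_csr() {  # $1 = file stem, $2 = common name; unencrypted key (assumption)
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" -config pki.cnf 2>/dev/null
}
sign_csr() {  # $1 = file stem; same "openssl ca" call as step 7, plus -batch
  openssl ca -batch -in "$1.csr" -out "$1.crt" -cert ca.crt -keyfile ca.key \
    -config pki.cnf >/dev/null 2>"$1.log"
}
allow_duplicate_subjects() {  # Method one of step 8: edit index.txt.attr
  sed -i.bak 's/^unique_subject *= *yes/unique_subject = no/' demoCA/index.txt.attr
}
chain_ok() {  # $1 = file stem; true when the cert verifies against ca.crt
  openssl verify -CAfile ca.crt "$1.crt" >/dev/null 2>&1
}
```

sign_csr writes the messages from openssl ca to a log file named after the file stem, so a refused request can be inspected afterwards.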
Specific commands and steps for generating self-signed SSL certificates on Linux