OpenSSL officially recommended Win32 executable download: http://www.slproweb.com/products/Win32OpenSSL.html

ca.key, the CA private key:
    openssl genrsa -des3 -out ca.key 2048

Make the decrypted CA private key (this step is generally not required):
    openssl rsa -in ca.key -out ca_decrypted.key

ca.crt, the CA root certificate (public key):
    openssl req -new -x509 -days 7305 -key ca.key -out ca.crt

server.key, the server private key:
    openssl genrsa -des3 -out server.key 2048

Make the decrypted server private key (Win + Apache needs the decrypted server private key):
    openssl rsa -in server.key -out server.key2

Generate the CSR (certificate signing request) file from the server private key:
    openssl req -new -key server.key -out server.csr

### Note: for a server certificate, enter the domain name in commonName, for example *.creke.net; wildcard characters are supported. Then fill in the fields that follow the e-mail address. If you generate a personal certificate, for example to sign and encrypt e-mail, enter the person's name in commonName and the e-mail address in emailAddress. ###

Sign the user certificate with the root CA. Files used: server.csr, ca.crt, ca.key
    openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key

If the root CA has no password, enter "y" twice after the preceding command and server.crt is generated successfully.

If an error is reported, check that the following folders exist in the directory where the openssl command is run:
- demoCA (level 1)
  - newcerts (level 2)
  - private (level 2)
and that the following files exist under demoCA:
- index.txt
- serial
index.txt is a blank file. Enter a number in the serial file, for example, 123.

#############################################

After completing the three steps above, here is the command for converting the root CA certificate from crt format to der format:
    openssl x509 -in ca.crt -outform DER -out ca.der

der format: used to import root certificates on mobile devices.
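The procedure above as one non-interactive script, including the demoCA layout that `openssl ca` expects and a final chain check. This is an added example, not part of the original page: the function names, the subject names, the 365-day server lifetime and the minimal ca.cnf are assumptions, and the keys are generated without -des3 so the run needs no passphrase.

```shell
#!/bin/sh
# Added example, not from the original page. Subject names, ca.cnf and the
# function names are constructed; ca.*, server.* and demoCA follow the page.
build_ca_and_server_cert() (
    set -e
    umask 077                       # key files readable by the owner only
    mkdir -p "$1/demoCA/newcerts" "$1/demoCA/private"
    cd "$1"
    : > demoCA/index.txt            # blank certificate database
    echo 01 > demoCA/serial         # next serial number to issue
    # Minimal config so the run does not depend on the system openssl.cnf.
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir           = ./demoCA
database      = $dir/index.txt
new_certs_dir = $dir/newcerts
serial        = $dir/serial
default_md    = sha256
default_days  = 365
policy        = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    # Keys are generated without -des3 so nothing prompts for a passphrase.
    openssl genrsa -out ca.key 2048
    openssl req -new -x509 -days 7305 -key ca.key -config ca.cnf \
        -subj "/CN=Example Root CA" -out ca.crt
    openssl genrsa -out server.key 2048
    openssl req -new -key server.key -config ca.cnf \
        -subj "/CN=*.example.test" -out server.csr
    # -batch stands in for answering "y" twice.
    openssl ca -batch -config ca.cnf -in server.csr -out server.crt \
        -cert ca.crt -keyfile ca.key
    openssl x509 -in ca.crt -outform DER -out ca.der
)

# Succeeds only if server.crt chains to ca.crt.
verify_chain() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt"
}
```

Call `build_ca_and_server_cert` with a scratch directory, then `verify_chain` on the same directory. For a CA that will be kept, generate ca.key with -des3 as in the steps above so the key file is encrypted at rest.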