How to generate self-signed SSL certificates for two-way authentication
1. Create CA private key: ca.key

2. Create the root certificate application file ca.csr:

You need to fill in the configuration information here:

3. Self-signed root certificate ca.cer:

4. This step is optional. Generate the root certificate in p12 format, ca.p12 (enter the password 123456, the password set earlier for ca.csr; note that the password is not shown as you type, then press Enter).

5. Generate the server private key server.key:

6. Generate the server request file server.csr

Fill in the certificate configuration information:

7. Generate the server certificate server.cer, signed with ca.cer (this uses ca.cer, ca.key, server.key and server.csr):

8. Generate the client key client.key:

9. Generate the client request file client.csr:

Fill in the certificate configuration information:

10. Generate client certificate client.cer:

11. Generate the client root certificate in p12 format (p12 password set to 123456):

At this point, the certificates are complete.
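The steps above, collected into one non-interactive script as an added example (these are not the original author's commands, which are missing from this page). The subject names, the localhost SAN, the extension files and the P12_PASS environment variable are assumptions; the optional step 4 is omitted, and the check function goes beyond the steps by verifying each certificate's chain and intended purpose against ca.cer.

```bash
#!/usr/bin/env bash
# Added example: steps 1-11 run non-interactively with openssl.
# Assumed (not from the page): subject names, SAN "localhost", P12_PASS.
set -eu

# issue <dir> <name> <CN> <extension lines>: key, CSR and CA-signed cert
issue() {
  d=$1; n=$2
  openssl genrsa -out "$d/$n.key" 2048 2>/dev/null
  openssl req -new -key "$d/$n.key" -subj "/O=Example/CN=$3" -out "$d/$n.csr"
  printf '%s\n' "basicConstraints=CA:FALSE" "$4" > "$d/$n.ext"
  openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.cer" -CAkey "$d/ca.key" \
    -CAcreateserial -extfile "$d/$n.ext" -days 365 -sha256 \
    -out "$d/$n.cer" 2>/dev/null
}

# make_mtls_certs <dir>: CA, server and client material written to <dir>
make_mtls_certs() {
  d=$1; mkdir -p "$d"
  : "${P12_PASS:?export P12_PASS first}"   # p12 password comes from the env
  # Steps 1-3: CA key, CA request, self-signed root marked as a CA
  openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
  openssl req -new -key "$d/ca.key" -subj "/O=Example/CN=Example Root CA" \
    -out "$d/ca.csr"
  printf '%s\n' "basicConstraints=critical,CA:TRUE" \
    "keyUsage=critical,keyCertSign,cRLSign" > "$d/ca.ext"
  openssl x509 -req -in "$d/ca.csr" -signkey "$d/ca.key" \
    -extfile "$d/ca.ext" -days 3650 -sha256 -out "$d/ca.cer" 2>/dev/null
  # Steps 5-10: leaf certificates; each Common Name differs from the CA's
  issue "$d" server localhost \
    "extendedKeyUsage=serverAuth
subjectAltName=DNS:localhost"
  issue "$d" client client-1 "extendedKeyUsage=clientAuth"
  # Step 11: client key and certificate plus the CA, bundled as PKCS#12
  openssl pkcs12 -export -inkey "$d/client.key" -in "$d/client.cer" \
    -certfile "$d/ca.cer" -out "$d/client.p12" -passout env:P12_PASS
  chmod 600 "$d"/*.key "$d/client.p12"
}

# check <dir> <name> <sslserver|sslclient>: exit status 0 only if the chain
# and the requested purpose both verify against ca.cer
check() {
  openssl verify -purpose "$3" -CAfile "$1/ca.cer" "$1/$2.cer" >/dev/null 2>&1
}
```

After sourcing the script, `make_mtls_certs ./certs` writes all files into ./certs, and `check ./certs client sslserver` is expected to fail because the client certificate carries only the clientAuth usage.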

Reason: the request does not include a CA certificate, so the server's certificate cannot be verified.

Solution 1:

Run curl with --cacert pointing at the CA certificate, so that curl verifies the server certificate.

Solution 2:

Run curl with -k, which skips verification of the server certificate.

The answer given online is:

No matter which method you use to generate the certificate and key file, the common name value used for the server and client certificates/keys must be different from the common name value used for the CA certificate. Otherwise, the certificate and key files will not be available to servers compiled with OpenSSL.

When OpenSSL prompts you to enter a common name for each certificate, please use a different name.

Solution:

Reference link:/p/p/094c7C8cb85, thanks to the author CQ_TYL.