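⒈ Install CFSSL
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
① cfssl: generates certificates
② cfssljson: generates certificates from JSON
③ cfssl-certinfo: a tool for viewing certificate information
⒉ Change the permissions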
chmod +x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64
⒊ Move the files
mv cfssl_linux-amd64 /usr/local/bin/cfssl
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo
⒋ Verify the command
cfssl --help
① print-defaults: outputs the templates used to generate certificates
⒌ Generate a configuration template
cfssl print-defaults config > config.json
The template file generated by default is as follows:
{
    "signing": {
        "default": {
            "expiry": "168h"
        },
        "profiles": {
            "www": {
                "expiry": "8760h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth"
                ]
            },
            "client": {
                "expiry": "8760h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "client auth"
                ]
            }
        }
    }
}
Field notes: "signing" is the signing configuration; "expiry" under "default" is the default expiry time.
⒍ Generate the certificate information file
cfssl print-defaults csr > csr.json
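The template file generated by default is as follows:
{
    "CN": "example.net",
    "hosts": [
        "example.net",
        "www.example.net"
    ],
    "key": {
        "algo": "ecdsa",
        "size": 256
    },
    "names": [
        {
            "C": "US",
            "L": "CA",
            "ST": "San Francisco"
        }
    ]
}
Field notes: "CN" identifies the specific domain; "hosts" lists the domain names that use this certificate; "key" is the encryption method, usually RSA 2048; "names" is the information contained in the certificate, such as country and region.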
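Before handing edited copies of the two templates above to cfssl, it helps to check them against policy. The following is an added example, not part of the original page or of CFSSL itself; the helper names and the policy thresholds (one-year maximum expiry, RSA 2048 / ECDSA 256 minimum key size) are assumptions.

```python
import json
import re

# Constructed sample inputs: the two default templates shown above.
CONFIG = json.loads("""{"signing": {"default": {"expiry": "168h"}, "profiles": {
  "www": {"expiry": "8760h", "usages": ["signing", "key encipherment", "server auth"]},
  "client": {"expiry": "8760h", "usages": ["signing", "key encipherment", "client auth"]}}}}""")
CSR = json.loads("""{"CN": "example.net", "hosts": ["example.net", "www.example.net"],
  "key": {"algo": "ecdsa", "size": 256},
  "names": [{"C": "US", "L": "CA", "ST": "San Francisco"}]}""")

# Assumed policy values (not from the page); adjust to your own PKI policy.
MAX_EXPIRY_HOURS = 8760                     # one year
MIN_KEY_BITS = {"rsa": 2048, "ecdsa": 256}
UNIT_SECONDS = {"h": 3600, "m": 60, "s": 1}

def expiry_hours(text):
    """Convert a Go-style duration such as "8760h" or "1h30m" to hours."""
    parts = re.findall(r"(\d+)([hms])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unsupported duration: {text!r}")
    return sum(int(n) * UNIT_SECONDS[u] for n, u in parts) / 3600

def audit_config(config):
    """Return findings for a cfssl signing configuration (hypothetical helper)."""
    signing = config.get("signing", {})
    entries = {"default": signing.get("default", {}), **signing.get("profiles", {})}
    findings = []
    for name, profile in entries.items():
        if expiry_hours(profile.get("expiry", "0h")) > MAX_EXPIRY_HOURS:
            findings.append(f"{name}: expiry {profile['expiry']} exceeds policy")
        if {"server auth", "client auth"} <= set(profile.get("usages", [])):
            findings.append(f"{name}: allows both server and client auth")
    return findings

def audit_csr(csr):
    """Return findings for a cfssl CSR request file (hypothetical helper)."""
    key = csr.get("key", {})
    algo, size = key.get("algo"), key.get("size", 0)
    findings = []
    if algo not in MIN_KEY_BITS:
        findings.append(f"key: unrecognised algorithm {algo!r}")
    elif size < MIN_KEY_BITS[algo]:
        findings.append(f"key: {algo} {size} bits is below {MIN_KEY_BITS[algo]}")
    if csr.get("CN") and csr["CN"] not in csr.get("hosts", []):
        findings.append("hosts: CN is missing from the hosts list")
    return findings

if __name__ == "__main__":
    print(audit_config(CONFIG), audit_csr(CSR))
```

To check your own files, load config.json and csr.json with json.load and pass the results to the two functions; an empty list means no findings under the assumed policy.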