How do I generate fullchain.pem and privkey.pem?
I'm trying to install this project: https://github.com/versatica/mediasoup-demo
It requires fullchain.pem and privkey.pem files. How do I generate these with openssl or something similar, on Ubuntu 20?

Though the accepted answer seems to work (partially), it's got flaws. The following gives you most of what you need for a self-signed certificate:
openssl req -new -x509 -nodes -subj "/CN=my.root" -newkey rsa:2048 -keyout ca.key -out ca.crt -reqexts v3_req -extensions v3_ca
openssl req -new -nodes -sha256 -newkey rsa:2048 -keyout domain.key -config ext.conf -out domain.csr
openssl x509 -req -in domain.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out domain.crt -days 500 -sha256 -extfile ext.conf -extensions req_ext
Sample ext.conf:
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = some_dn
[some_dn]
C = US
ST = Florida
L = Jacksonville
O = SomeOrg
emailAddress = some@email.com
CN = thedomain.com
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = otherdomain.com
IP.1 = 1.2.3.4
Notes:
cp domain.key privkey.pem & cat domain.crt ca.crt > fullchain.pem to get the files OP has mentioned. (unlike the accepted answer, the fullchain must contain CA).
-nodes if you want the key to have a passphrase.
In ext.conf, CN is your domain & alt_names contains its aliases (especially if your server is not yet pointed to a domain, put your IP here).
ca.crt as a root CA on your client side so that your certificate is recognized.
-reqexts v3_req -extensions v3_ca ensures compatibility of CA cert with Android clients.

openssl genrsa > privkey.pem
openssl req -new -x509 -key privkey.pem > fullchain.pem
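
A way to check the resulting fullchain.pem and privkey.pem before pointing a server at them, as an added example that is not part of the original answers. The function names are illustrative, and it assumes the openssl CLI is installed and the key has no passphrase:

```shell
#!/bin/sh
# Added example (not from the original answers): sanity checks for a
# fullchain.pem / privkey.pem pair. Function names are illustrative.

# 0 if the private key ($2) belongs to the first (leaf) cert in the bundle ($1).
# Compares the two public keys, so it works for RSA and EC keys alike.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if the leaf in the bundle ($1) chains to the root in $2. The remaining
# certs in the bundle are offered as untrusted intermediates.
chain_verifies() {
    openssl verify -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1
}

# 0 if hostname $2 is accepted for the leaf cert in $1.
host_in_cert() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# 0 if IP address $2 is accepted for the leaf cert in $1.
ip_in_cert() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match certificate'
}

# Run all checks: check_pair fullchain.pem privkey.pem ca.crt hostname
check_pair() {
    key_matches_cert "$1" "$2" || { echo "key does not match leaf certificate"; return 1; }
    chain_verifies "$1" "$3"   || { echo "leaf does not verify against $3"; return 1; }
    host_in_cert "$1" "$4"     || { echo "$4 is not covered by the certificate"; return 1; }
    echo "ok"
}

# When invoked with four arguments, check the files named on the command line.
if [ "$#" -eq 4 ]; then check_pair "$@"; fi
```

With the sample ext.conf above, otherdomain.com and 1.2.3.4 match but thedomain.com does not, because OpenSSL skips the CN once a DNS subjectAltName is present.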