openssl生成V3 CA 证书
生成CA证书
openssl genrsa -out ca.key 2048
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 3650 -sha256 -extfile /tmp/openssl.conf -extensions v3_req -extensions v3_ca -in ca.csr -signkey ca.key -out ca.crt
查看证书信息
openssl x509 -in rootCA.crt -text -noout
注意版号和CA扩展信息如下
Certificate:
Data:
Version: 3 (0x2)
X509v3 Basic Constraints:
CA:TRUE