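Learning openssl in a lab, so there is nothing private here. I created the following as described below, but the application complains that the server key is invalid.
Can someone verify this? Then I can contact the application vendor.
Create the default root CA certificate settings: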
==========================================
cat > ca.cnf <<EOF
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
prompt = yes
[ req_distinguished_name ]
emailAddress = Email Address
CN = Common Name
OU = Organizational Unit
O = Organization
L = Locality
ST = State or Province name
PC = Postal Code
C = Country
[ v3_ca ]
basicConstraints = critical,CA:true
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
EOF
Generate the root CA certificate:
==============================
openssl req -new -x509 -newkey rsa:4096 -keyout ca.key -days 365 -out ca.crt -config ca.cnf
Yields:
Generate a CSR for the server certificate:
=====================================
cat > server.v3.ext <<EOF
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
openssl req -newkey rsa:2048 -nodes -keyout server.key -days 365 -out server.csr
Generate the server certificate and sign it with the RootCA:
===================================================
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -out server.crt -CAcreateserial -sha256 -days 365 -extfile server.v3.ext
Yields:
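
The checks that answer "is this key/certificate pair valid", as an added example that is not part of the original post: it compares the public key in server.key with the one in server.crt, and verifies that server.crt chains to ca.crt as a TLS server certificate. The function names and the throwaway lab files (2048-bit keys, `-subj`, `-nodes`, one-day validity) are constructed for illustration; an `openssl` binary on the PATH is assumed.

```shell
#!/bin/sh
# Added example: sanity checks for the files produced by the steps above.

# Returns 0 if the private key in $1 and the certificate in $2 carry the same
# public key, 1 if they differ, 2 if either file cannot be parsed.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$from_key" = "$from_cert" ]
}

# Returns 0 if certificate $2 chains to CA certificate $1 and its extensions
# allow use as a TLS server certificate.
issued_by_ca() {
    openssl verify -purpose sslserver -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed sample input: a throwaway CA, a server key/cert pair and an
# unrelated key, written to directory $1 with the same commands as the post
# (made non-interactive with -subj and -nodes).
make_lab() {
    d=$1
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\n[dn]\nCN=Common Name\n[v3_ca]\nbasicConstraints=critical,CA:true\nkeyUsage=critical,digitalSignature,cRLSign,keyCertSign\n' > "$d/ca.cnf" &&
    printf 'basicConstraints=CA:FALSE\nkeyUsage=critical,digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\n' > "$d/server.v3.ext" &&
    openssl req -new -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -days 1 \
        -out "$d/ca.crt" -config "$d/ca.cnf" -subj "/CN=Lab Root CA" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -keyout "$d/server.key" -out "$d/server.csr" \
        -config "$d/ca.cnf" -subj "/CN=server.lab.example" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/server.crt" -sha256 -days 1 \
        -extfile "$d/server.v3.ext" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/other.key" 2>/dev/null
}

# Runs the checks on the constructed sample; point them at your own files instead.
run_demo() {
    lab=$(mktemp -d) && make_lab "$lab" || return 1
    key_matches_cert "$lab/server.key" "$lab/server.crt" && echo "server.key matches server.crt"
    key_matches_cert "$lab/other.key" "$lab/server.crt" || echo "other.key does not match server.crt"
    issued_by_ca "$lab/ca.crt" "$lab/server.crt" && echo "server.crt chains to ca.crt"
    rm -rf "$lab"
}
run_demo
```

If both checks pass on the real files, the key and certificate are consistent with each other and with the CA, which narrows the complaint down to what the application itself expects.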