redhat/openssl generates a self-signed ca certificate and uses it

One-click generation of self-signed ssl certificate and private key

./create_self_signed_cert.sh"/C=CN/ST=Guangdong/L=Guangzhou/O=xdevops/OU=xdevops/CN=gitlab.xdevops.cn"

Check OpenSSL

Check if openssl is installed

openssl version

Generally on CentOS7, openssl is already installed by default.

Generate self-signed SSL certificate and private key

Step 1: Generate a private key

# genra generate RSA private key# -des3 des3 algorithm# -out server.key Generated private key file name# 2048 Private key lengthopenssl genrsa -des3 -out server.pass.key 2048

Step 2: Remove the password from the private key

openssl rsa -in server.pass.key -out server.key

Step 3: Generate CSR (Certificate Signing Request)

# req Generate certificate signing request# -new new generation# -key private key file# -out Generated CSR file# -subj Parameters for generating CSR certificateopenssl req -new -key server.key -out server.csr -subj "/C=CN/ST=Guangdong/L=Guangzhou/O=xdevops/OU=xdevops/CN=gitlab.xdevops.cn"

Step 4: Generate a Self-Signed SSL Certificate

# -days certificate validity periodopenssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Edit the following configuration in the file and save:

# listen portListen 443 https# server domain nameServerName localhost# Server signing certificate fileSSLCertificateFile /data/ssl/server.crt# server key fileSSLCertificateKeyFile /data/ssl/server.key# CA certificate (two-way authentication)# SSLCACertificateFile /data/ssl/ca/ca.pem