[root@to8to cert]# openssl genrsa -des3 -out dev_myones_net.key 1024
Generating RSA private key, 1024 bit long modulus
............++++++
...........................................................++++++
e is 65537 (0x10001)
Enter pass phrase for dev_myones_net.key:
Verifying - Enter pass phrase for dev_myones_net.key:
[root@to8to cert]# ls
dev_myones_net.key
[root@to8to cert]# openssl req -new -key dev_myones_net.key -out dev_myones_net.csr
Enter pass phrase for dev_myones_net.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ZH
State or Province Name (full name) []:GUANGDONG
Locality Name (eg, city) [Default City]:SHENZHEN
Organization Name (eg, company) [Default Company Ltd]:to8to
Organizational Unit Name (eg, section) []:to8to
Common Name (eg, your name or your server's hostname) []:www.xiaohuasheng.com
Email Address []:watson.zeng@corp.to8to.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@to8to cert]# openssl rsa -in dev_myones_net.key -out dev_myones_net_nopwd.key
Enter pass phrase for dev_myones_net.key:
writing RSA key
[root@to8to cert]# vim dev_myones_net.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.xiaohuasheng.com
[root@to8to cert]#
[root@to8to cert]#
[root@to8to cert]# openssl x509 -req -days 365 -in dev_myones_net.csr -signkey dev_myones_net_nopwd.key -out dev_myones_net_https.crt -sha256 -extfile dev_myones_net.ext
Signature ok
subject=/C=ZH/ST=GUANGDONG/L=SHENZHEN/O=to8to/OU=to8to/CN=www.xiaohuasheng.com/emailAddress=watson.zeng@corp.to8to.com
Getting Private key
[root@to8to cert]#
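
A non-interactive version of the session above, as an added example that is not part of the original session: it uses a 2048-bit key instead of the session's 1024-bit one, skips the passphrase that the session strips again anyway, and checks that the SAN from the .ext file actually ended up in the certificate. The server.* file names, the function names and the reduced subject (/CN only) are assumptions of this example, and authorityKeyIdentifier is left out of the extension file.

```shell
#!/bin/sh
# Added example: scripted form of the session, with post-signing checks.
set -eu

HOST=www.xiaohuasheng.com   # hostname taken from the session

# make_selfsigned DIR HOST
# Writes DIR/server.key, server.csr, server.ext and server.crt (assumed names).
make_selfsigned() {
    dir=$1
    host=$2
    # Key is created unencrypted, so restrict it to the owner from the start.
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 )
    openssl req -new -batch -key "$dir/server.key" \
        -out "$dir/server.csr" -subj "/CN=$host"
    # Extensions from the session's .ext file, minus authorityKeyIdentifier.
    cat > "$dir/server.ext" <<EOF
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $host
EOF
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" \
        -sha256 -extfile "$dir/server.ext"
}

# cert_has_san CRT HOST: succeeds only if HOST is listed as a DNS SAN.
cert_has_san() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' | grep -qF "DNS:$2"
}

# cert_key_bits CRT: prints the public key size in bits.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text \
        | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Demo run in a throwaway directory.
tmp=$(mktemp -d)
make_selfsigned "$tmp" "$HOST"
cert_has_san "$tmp/server.crt" "$HOST" && echo "SAN ok: $HOST"
echo "key size: $(cert_key_bits "$tmp/server.crt") bits"
rm -rf "$tmp"
```

Clients that ignore the Common Name match only against the SAN, so a failed `cert_has_san` means the `-extfile` step did not take effect even though signing reported success.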