linxu服务器配置本地免费ssl证书

Mark in HangZhou

2020-03-16

有时候在本地开发时候也需要配置ssl证书，这样保证和线上环境一样，更适合调试，所以本篇介绍如何配置本地免费ssl证书。

# 安装mkcert

# linux安装

mkcert (opens new window)是Google公司开发的一款小工具，用来自签本地证书。

安装certutil

sudo apt install libnss3-tools
    -or-
sudo yum install nss-tools
    -or-
sudo pacman -S nss
    -or-
sudo zypper install mozilla-nss-tools

1
2
3
4
5
6
7

安装brew (opens new window)

记得使用非root账号操作，否则报错！

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
test -d ~/.linuxbrew && eval $(~/.linuxbrew/bin/brew shellenv)
test -d /home/linuxbrew/.linuxbrew && eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv)
test -r ~/.bash_profile && echo "eval \$($(brew --prefix)/bin/brew shellenv)" >>~/.bash_profile
echo "eval \$($(brew --prefix)/bin/brew shellenv)" >>~/.profile

1
2
3
4
5

安装mkcert

brew install mkcert

# 签署证书

# root certbot
mkcert -install

# command
mkcert -key-file key.pem -cert-file cert.pem example.com *.example.com

# option
-cert-file FILE, -key-file FILE, -p12-file FILE
    Customize the output paths.

-client
    Generate a certificate for client authentication.

-ecdsa
    Generate a certificate with an ECDSA key.

-pkcs12
    Generate a ".p12" PKCS #12 file, also know as a ".pfx" file,
    containing certificate and key for legacy applications.

-csr CSR
    Generate a certificate based on the supplied CSR. Conflicts with
    all other flags and arguments except -install and -cert-file.