用IP自签发一个HTTPS证书

用IP自签发一个证书

自签发的Nginx证书，用IP地址而非域名进行签发，并安装到浏览器的过程如下：

1. 生成自签发证书

1. 生成私钥：

   openssl genrsa -out server.key 2048

2. 生成证书签名请求（CSR）：

   openssl req -new -key server.key -out server.csr

   在提示中填写信息时，可以在 Common Name (CN) 字段输入要使用的 IP 地址：

   [root@QNXGXUUAOAW006 opt]# openssl req -new -key server.key -out server.csr
   You are about to be asked to enter information that will be incorporated
   into your certificate request.
   What you are about to enter is what is called a Distinguished Name or a DN.
   There are quite a few fields but you can leave some blank
   For some fields there will be a default value,
   If you enter '.', the field will be left blank.
   -----
   Country Name (2 letter code) [XX]:CN
   State or Province Name (full name) []:BJ
   Locality Name (eg, city) [Default City]:BJ
   Organization Name (eg, company) [Default Company Ltd]:ORG
   Organizational Unit Name (eg, section) []:ORG
   Common Name (eg, your name or your server's hostname) []:10.53.234.106
   Email Address []:
   
   Please enter the following 'extra' attributes
   to be sent with your certificate request
   A challenge password []:
   An optional company name []:
   

3. 生成自签名证书：

   openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

2. 安装证书到浏览器

为了防止浏览器报错，你需要将证书导入信任列表