SSL证书生成

1.使用OPENSSL生成SSL证书

生成证书的openssl 命令

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

运行命令后，具体步骤如下 

root@VM-4-13-debian:~# openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
Generating a RSA private key
.................................................................................+++++
...................................................................................................................+++++
writing new private key to 'privateKey.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:www.sslaaa.com
Email Address []:

简单一点的话，其中我们只要填写 Common Name ，就是域名即可 ，完成后，这将生成两个文件，

• privateKey.key 是私钥
• certificate.crt 是对应的SSL证书

2.在线工具生成SSL证书

我们提供一个在线工具，仅需输入域名即可生成对应的证书和私钥代码

生成SSL证书

通过以上方式生成的SSL证书都是属于自签发证书，就是说不被浏览器所信任的，访问网站的时候，浏览器会提示证书不可信，你要选择忽略这个错误，或者是把这个SSL证书导入到你电脑上的根证书库里面，这样浏览器就不会在提示错误

3.另外一种选择

如果是用于短期测试，您也可以考虑使用我们提供的免费SSL证书，每个证书体验有效期是30天，申请流程也很简单，只需要验证域名控制权即可签发证书，这是权威CA签发的SSL证书，支持所有浏览器和操作系统，浏览器将不再提示证书错误