创建自签名 ssl 证书

运行环境是Linux,且需要已安装openssl组件
自签发的证书会不被浏览器信任所产生拦截推荐限用于测试，勿用于生成环境。

mkdir -p ~/myssl && cd ~/myssl

cat <<EOF > self.cnf
[req]
distinguished_name = req_distinguished_name
[v3_req]
subjectAltName = @alt_names
[req_distinguished_name]
[alt_names]
DNS.1 = example.org
DNS.2 = *.example.org
EOF

# 设置证书主题信息
COUNTRY="CN"
STATE="Beijing"
CITY="Beijing"
ORGANIZATION="ExampleOrg"
ORG_UNIT="Devops"
COMMON_NAME="example.org"
EMAIL="ops@example.org"

# 生成自签名 SSL 证书
openssl req -newkey rsa:4096 -x509 -nodes -days 3650 -extensions v3_req \
    -config self.cnf -keyout server.key -out server.crt \
    -subj "/C=$COUNTRY/ST=$STATE/L=$CITY/O=$ORGANIZATION/OU=$ORG_UNIT/CN=$COMMON_NAME/emailAddress=$EMAIL"