SSL服务器证书过期
2019-05-21 本文已影响0人
路飞仙贝
重新生成demoCA文件夹
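# Rebuild the working directory that `openssl ca` uses for its bookkeeping.
# Assumes openssl.cnf keeps the stock ./demoCA layout (database, serial,
# new_certs_dir) -- confirm against your own config.
mkdir -p demoCA/newcerts
# index.txt is the CA database of issued and revoked certificates. touch only
# creates it when missing; an existing database is left as it is.
touch demoCA/index.txt
# serial holds the next certificate serial number in hex. The redirect creates
# the file itself, so a separate touch is not needed.
# NOTE(review): this resets numbering to 01; if an old index.txt is kept,
# new serials may clash with entries already recorded there -- verify.
printf '%s\n' 01 > demoCA/serial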
生成根证书
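# Create the root CA key and a self-signed CA certificate.
# The key is generated in a subshell with a restrictive umask so a newly
# created ca.key is not group/world readable regardless of the caller's umask;
# the umask change does not leak into the rest of the session.
# NOTE(review): ca.key is written unencrypted. Anyone who can read it can
# issue certificates that relying parties of this CA will accept -- keep it
# off the web server and consider passphrase protection.
(umask 077 && openssl genrsa -out ca.key 4096)
# -x509 makes `req` emit a self-signed certificate instead of a CSR,
# valid for 3650 days.
openssl req -config openssl.cnf -new -x509 -days 3650 -key ca.key -out ca.crt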
生成服务器证书
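# Issue the server certificate: key -> CSR -> certificate signed by the CA.
# Generate the key under a restrictive umask so a newly created server.key is
# readable by its owner only; the subshell keeps the umask change local.
(umask 077 && openssl genrsa -out server.key 4096)
# Build the signing request from the server key.
# NOTE(review): TLS clients match the hostname against subjectAltName;
# confirm openssl.cnf adds that extension, it is not visible from here.
openssl req -config openssl.cnf -new -key server.key -out server.csr
# Sign the CSR with the CA. The certificate is valid for 365 days, so schedule
# the renewal before then -- an expired server certificate is what this
# procedure repairs.
openssl ca -config openssl.cnf -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -days 365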
将 /etc/httpd/conf.d/ssl.conf 中的以下配置项替换为相应的证书路径
# Server certificate presented to clients during the TLS handshake.
SSLCertificateFile /etc/pki/tls/certs/server.crt
# Matching private key. As generated on this page it is unencrypted, so the
# file should be readable by root only.
SSLCertificateKeyFile /etc/pki/tls/private/server.key
# CA certificate(s) httpd uses to verify client certificates.
# NOTE(review): client verification also depends on SSLVerifyClient, which is
# not shown here -- confirm it is set elsewhere in ssl.conf.
SSLCACertificateFile /etc/pki/tls/certs/ca.crt
生成客户端证书
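# Issue a client certificate for the user "nibon7", signed by the same CA.
# Generate the key under a restrictive umask so a newly created nibon7.key is
# readable by its owner only; the subshell keeps the umask change local.
# NOTE(review): the key is unencrypted and is the client's authentication
# credential -- hand it over through a protected channel.
(umask 077 && openssl genrsa -out nibon7.key 4096)
# Build the signing request from the client key.
openssl req -config openssl.cnf -new -key nibon7.key -out nibon7.csr
# Sign the CSR with the CA; the client certificate is valid for 365 days.
openssl ca -config openssl.cnf -in nibon7.csr -out nibon7.crt -cert ca.crt -keyfile ca.key -days 365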
生成证书吊销列表(CRL)
# Write a certificate revocation list (CRL) signed with the CA key.
# The list is built from the CA database; no certificate is revoked by the
# commands on this page, so it presumably contains no entries yet.
# A CRL carries a next-update time and has to be regenerated before it lapses.
# NOTE(review): the ssl.conf directives on this page do not reference a CRL;
# verify that revocation checking is configured if it is relied on.
openssl ca \
  -config openssl.cnf \
  -gencrl \
  -cert ca.crt \
  -keyfile ca.key \
  -out ./demoCA/ca.crl