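For the past couple of days I have been working through the WebRTC documentation. Accessing the camera and microphone from a page opened as https://ip requires the HTTPS protocol, and since this is only practice there is no need to pay for a CA-issued certificate. I found a way online to generate privkey.key and cacert.pem locally with OpenSSL. Here are the pitfalls I ran into.
First, the steps:
1. Download a precompiled OpenSSL. The OpenSSL project does not distribute Windows builds itself, so use a third-party one. Link: http://slproweb.com/products/Win32OpenSSL.html
2. The Light edition is enough. Download the build that matches your machine's bitness.

3. After downloading, click Next all the way through the installer. At the end there is a donation prompt; just cancel it and click Finish.
4. Run cmd with administrator privileges and enter: openssl genrsa -out privkey.key 2048, which generates the privkey.key file. Up to this point everything goes smoothly. The main event starts next.
5. Following the documentation, run this in cmd: openssl req -new -x509 -key privkey.key -out cacert.pem -days 1095. At this point it reports that openssl.cfg is missing or cannot be found. The bin directory we installed does not contain this file at all; we have to write it ourselves. In the C:\Program Files\OpenSSL-Win64\bin\ folder (adjust this to your actual installation path, do not copy it blindly), create openssl.cfg (create a txt file and change the extension to cfg). Copy the file contents below (given as a code block so they are easy to copy):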
```ini
#
# OpenSSL configuration file.
#
# Establish working directory.
dir = .

[ ca ]
default_ca = CA_default

[ CA_default ]
serial = $dir/serial
database = $dir/certindex.txt
new_certs_dir = $dir/certs
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_days = 365
default_md = sha256
preserve = no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy = policy_match

[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
default_bits = 2048 # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = sha256 # message digest algorithm (MD5 is broken for signatures)
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
# Variable name             Prompt string
#-------------------------  ----------------------------------
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64
# Default values for the above, for consistency and less typing.
# Variable name             Value
#------------------------   ------------------------------
0.organizationName_default = My Company
localityName_default = My Town
stateOrProvinceName_default = State or Province
countryName_default = US

[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always

[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
```
6. Run the following three commands again, in this order:
```
set OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin\openssl.cfg
openssl genrsa -out privkey.key 2048
openssl req -new -x509 -key privkey.key -out cacert.pem -days 1095
```
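Current browsers match the address in the URL against the certificate's subjectAltName rather than the Common Name, so a certificate meant for https://ip needs the IP listed there. The batch script below is an added example, not part of the original post: it repeats step 6 with a SHA-256 signature and an IP SAN, then checks the result. It assumes OpenSSL 1.1.1 or later (for `-addext` and `-ext`), the openssl.cfg from step 5, and uses 192.0.2.10 as a placeholder address.

```batch
@echo off
rem Added example, not from the original post.
rem Assumes OpenSSL 1.1.1+ and the openssl.cfg created in step 5.
rem 192.0.2.10 is a placeholder: use the IP you will type into the browser.
set "OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin\openssl.cfg"
set "SERVER_IP=192.0.2.10"

rem 2048-bit RSA private key, as in step 4.
openssl genrsa -out privkey.key 2048 || exit /b 1

rem Self-signed certificate with an explicit SHA-256 signature and the IP
rem placed in subjectAltName. -subj fills in the subject without prompting.
openssl req -new -x509 -sha256 -key privkey.key -out cacert.pem -days 1095 ^
  -subj "/CN=%SERVER_IP%" -addext "subjectAltName=IP:%SERVER_IP%" || exit /b 1

rem Check 1: signature algorithm and key size actually written to the cert.
rem Expect sha256WithRSAEncryption and a 2048-bit public key.
openssl x509 -in cacert.pem -noout -text | findstr /C:"Signature Algorithm" /C:"Public-Key"

rem Check 2: the SAN extension is present and lists the IP address.
openssl x509 -in cacert.pem -noout -ext subjectAltName || exit /b 1

rem Check 3: the certificate really belongs to privkey.key.
rem Export the public key from both files and compare them.
openssl x509 -in cacert.pem -noout -pubkey > cert.pub
openssl rsa -in privkey.key -pubout > key.pub 2>nul
fc cert.pub key.pub >nul && (echo key and certificate match) || (echo MISMATCH & exit /b 1)
del cert.pub key.pub
```

The browser still shows a trust warning for this certificate until it is accepted or imported as trusted on the test machine, because no CA has signed it.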
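This article describes how to generate a self-signed HTTPS certificate on Windows with Win64OpenSSL_Light, recording in detail the problems encountered from downloading OpenSSL through to creating the certificate and how they were solved, including creating and configuring the openssl.cfg file.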