Root Certificate # Root Key openssl genrsa -des3 -out ca.key 2048 # ROOT CA Certificate openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 \ -subj "/C=CN/ST=SH/L=SH/O=ON" \ -out ca.crt Server Certificate # Server Key openssl genrsa -out server.key 2048 # Server CSR openssl req -new -key server.key \ -subj "/C=CN/ST=SH/L=SH/O=ON" \ -out server.csr # Server Certificate，3650 days openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 3650 -out server.crt # p12 openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "server" # pem openssl x509 -in ca.crt -out ca.pem -outform PEM Client Certificate # Client Key openssl genrsa -out client.key 2048 # Client CSR,Common Name: client Name requried openssl req -new -key client.key \ -subj "/C=CN/ST=SH/L=SH/O=ON/CN=Env1" \ -out client.csr # Client Certificate openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 3650 -sha256 -out client.crt # p12 openssl pkcs12 -export -out client.p12 -inkey client.key -in client.crt -certfile ca.crt # pem openssl x509 -in client.crt -out client.pem -outform PEM verify # verify chain openssl verify -CAfile ca.crt client.crt #…