第1步:生成私钥

openssl genrsa -des3 -out server.key 2048

第2步:生成CSR(证书签名请求)

openssl req -new -key server.key -out server.csr

Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:joyful
Organizational Unit Name (eg, section) []:info technology
Common Name (e.g. server FQDN or YOUR name) []:demo
Email Address []:demo@demo.com

第3步:删除私钥中的密码

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

第4步:生成自签名证书

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

server.crtserver.key就是证书内容及其私钥了.