ROS自带的证书生成器老失败,用Centos生成证书的步骤
1)生成 CA 证书
certtool --generate-privkey --outfile ca-key.pem
cat >ca.tmpl <<EOF
cn = "NJWULIU VPN CA"
organization = "NJWULIU"
serial = 1
expiration_days = 3650
ca
signing_key
cert_signing_key
crl_signing_key
EOF
certtool --generate-self-signed --load-privkey ca-key.pem
--template ca.tmpl --outfile ca-cert.pem
生成 ca-cert.pem和ca-key.pem
2)生成本地服务器证书
certtool --generate-privkey --outfile server-key.pem
cat >server.tmpl <<EOF
cn = "www.njwuliu.com"
organization = "NJWULIU"
serial = 2
expiration_days = 3650
encryption_key
signing_key
tls_www_server
EOF
certtool --generate-certificate --load-privkey server-key.pem
--load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem
--template server.tmpl --outfile server-cert.pem
生成 server-cert.pem 和 server-key.pem
3)生成客户端证书
certtool --generate-privkey --outfile client-key.pem
cat >client.tmpl <<EOF
cn = "www.njwuliu.com"
organization = "NJWULIU"
serial = 2
expiration_days = 3650
encryption_key
signing_key
tls_www_client
EOF
certtool --generate-certificate --load-privkey client-key.pem
--load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem
--template client.tmpl --outfile client-cert.pem
生成client-key.pem和client-cert.pem