Generate the certificate file certificate.crt (the -addext option requires OpenSSL 1.1.1 or later)
openssl req -x509 -newkey rsa:2048 -keyout [certificate.key] -out [certificate.crt] -days 365 -nodes -subj "/CN=*.example.com" -addext "subjectAltName=DNS:*.example.com"
Or, with a configuration file [sans.cnf]:
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
prompt = no
[ req_distinguished_name ]
C = US
ST = California
L = San Francisco
O = Example Company
OU = IT Department
CN = *.example.com # Primary common name (CN)
[ req_ext ]
subjectAltName = @alt_names
[ v3_ca ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = *.example.com # First alternative name
DNS.2 = *.example2.com # Second alternative name
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout [certificate.key] -out [certificate.crt] -config [sans.cnf]
Generate the pfx file certificate.pfx
openssl pkcs12 -export -out [certificate.pfx] -inkey [certificate.key] -in [certificate.crt]
The generated pfx file can be imported into the proxy service
Add the following VM parameters
-Dhttp.proxyHost=localhost -Dhttp.proxyPort=13000 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=13000
Add certificate trust
keytool -importcert -keystore $JAVA_HOME/lib/security/cacerts -file [certificate.crt] -alias [alias] -storepass changeit
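A check worth running before the certificate is exported to PKCS#12 or added to a trust store, shown here as an added example that is not part of the original page: it confirms that the private key belongs to the certificate and that the expected subjectAltName entries are present. The function names and the throwaway directory are assumptions made for this example; the configuration is a trimmed copy of the one above.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and paths are constructed.

# Write a trimmed copy of the page's sans.cnf and create a self-signed pair in directory $1.
make_sample() {
    cat > "$1/sans.cnf" <<'EOF'
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
prompt = no
[ req_distinguished_name ]
CN = *.example.com
[ v3_ca ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = *.example.com
DNS.2 = *.example2.com
EOF
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$1/certificate.key" -out "$1/certificate.crt" \
        -config "$1/sans.cnf" 2>/dev/null
}

# SHA-256 of the DER form of a PEM public key read from stdin.
pub_hash() { openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'; }

# Succeeds only if private key $2 belongs to certificate $1.
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey | pub_hash)
    k=$(openssl pkey -in "$2" -pubout | pub_hash)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Print the DNS subjectAltName entries of certificate $1, one per line.
cert_dns_sans() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' | sed -n 's/^ *DNS:\(.*\)$/\1/p'
}

# Succeeds only if certificate $1 lists $2 as an exact DNS SAN entry.
has_san() { cert_dns_sans "$1" | grep -Fxq -- "$2"; }

# Demo on a throwaway directory.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
pair_matches "$demo_dir/certificate.crt" "$demo_dir/certificate.key" && echo "key matches certificate"
cert_dns_sans "$demo_dir/certificate.crt"
rm -rf "$demo_dir"
```

has_san compares entries literally, so a certificate that only lists *.example.com is reported as not covering the bare name example.com, which matches how clients treat wildcard entries.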
Using mkcert
Create a Root certificate authority certificate and import it into iOS
1. Install mkcert
brew install mkcert
2. Create the certificate; the certificate file _wildcard.example.org+1.pem and the private key file _wildcard.example.org+1-key.pem are generated in the current directory
mkcert "*.example.org" "example.com"
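The first run creates rootCA.pem and rootCA-key.pem in the "$(mkcert -CAROOT)" directory. rootCA-key.pem is the CA's private key and should stay on this machine.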
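3. Send the rootCA certificate file rootCA.pem to the iOS device and install the certificate, then trust this rootCA under Settings > General > About > Certificate Trust Settings; skip this step if it is already installed
4. Send _wildcard.example.org+1.pem to the iOS device and install the certificate
5. Use _wildcard.example.org+1.pem and _wildcard.example.org+1-key.pem to generate the PKCS#12 file _wildcard.example.org+1.pfx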
openssl pkcs12 -export -out _wildcard.example.org+1.pfx -inkey _wildcard.example.org+1-key.pem -in _wildcard.example.org+1.pem