--- title: How to Generate Private Key and Certificate Using OpenSSL tags: Chinese --- # 如何利用OpenSSL建立Private Key和Certificate 本文將介紹如何於Linux與Windows上利用OpenSSL建立Private Key和Certificate，並啟用SideeX WebService SSL連線。 ## 步驟1：取得OpenSSL - `Ubuntu`已內建OpenSSL - `Windows`版本之OpenSSL下載網址: [OpenSSL](https://www.softpedia.com/get/Programming/Components-Libraries/OpenSSL.shtml)。提示：Git已內建OpenSSL，預設路徑為`C:\Program Files\Git\usr\bin\openssl.exe` ## 步驟2：建立Private Key與Certificate 1. 建立一個檔案`server.conf`，檔案內容如下： ```conf= [req] prompt = no default_md = sha256 default_bits = 2048 distinguished_name = dn x509_extensions = v3_req [dn] C = TW ST = Taiwan L = Taipei O = Duotify Inc. OU = IT Department emailAddress = admin@example.com CN = localhost [v3_req] subjectAltName = @alt_names [alt_names] DNS.1 = *.localhost DNS.2 = localhost ``` 2. 開啟命令列並執行以下指令以建立`private key`和`certificate` - Windows ``` $ openssl req -x509 -new -nodes -sha256 -utf8 -days 3650 -newkey rsa:2048 -keyout server.key -out cert.crt -config server.conf ``` - Linux ``` $ openssl req -x509 -new -nodes -sha256 -utf8 -days 3650 -newkey rsa:2048 -keyout key.pem -out cert.pem -config server.conf ``` ## 步驟3：啟用SideeX WebService SSL連線 請將產生之`key`與`cert`放在與`serviceconfig.json`同一個目錄，然後啟動SideeX WebService，服務啟動後所有用戶端將可使用SSL連線傳送測試案例與取得測試報告。