set RANDFILE=C:.rnd
set OPENSSL_CONF=C:\OpenSSL-Win64\bin\openssl.cfg
genrsa -des3 -out root.key 1024
req -new -key root.key -out root.csr
x509 -req -days 9553 -sha256 -extfile openssl.cfg -extensions v3_req -in root.csr -signkey root.key -out root.crt
genrsa -des3 -out client.key 1024
req -new -key client.key -out client.csr
x509 -req -sha256 -extensions v3_req -CA root.crt -CAkey root.key -in client.csr -out client.crt
genrsa –des3 -out server.key 1024
req -new -key server.key -out server.csr
–第二版(最终版本)
x509 -req -days 9553 -extfile openssl.cfg -extensions usr_cert -sha256 -in root.csr -signkey root.key -out root.crt
x509 -req -days 730 -extfile openssl.cfg -extensions v3_req -sha256 -CA root.crt -CAkey root.key -CAcreateserial -in client.csr -out client.crt
pkcs12 -export -out client.pfx -inkey client.key -in client.crt
–选择输出
pkcs12 -in client.pfx -out backupclient.key
pkcs12 -export -out certfiletosignwith.pfx -keysig -in backupclient.key
–exe 签名
signtool sign /f C:\OpenSSL-Win64\bin\client.pfx /p 密码 D:\xTr.exe
signtool timestamp /t http://timestamp.digicert.com D:\xTr.exe
