Frp证书生成

cp /etc/pki/tls/openssl.cnf ./my-openssl.cnf

openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -subj “/CN=example.ca.com” -days 5000 -out ca.crt

openssl genrsa -out server.key 2048

openssl req -new -sha256 -key server.key
-subj “/C=XX/ST=DEFAULT/L=DEFAULT/O=DEFAULT/CN=server.com”
-reqexts SAN
-config <(cat my-openssl.cnf <(printf “\n[SAN]\nsubjectAltName=DNS:localhost,IP:127.0.0.1,DNS:example.server.com”))
-out server.csr

openssl x509 -req -days 365
-in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial
-extfile <(printf “subjectAltName=DNS:localhost,IP:127.0.0.1,DNS:example.server.com”)
-out server.crt

openssl genrsa -out client.key 2048
openssl req -new -sha256 -key client.key
-subj “/C=XX/ST=DEFAULT/L=DEFAULT/O=DEFAULT/CN=client.com”
-reqexts SAN
-config <(cat my-openssl.cnf <(printf “\n[SAN]\nsubjectAltName=DNS:client.com,DNS:example.client.com”))
-out client.csr

openssl x509 -req -days 365
-in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial
-extfile <(printf “subjectAltName=DNS:client.com,DNS:example.client.com”)
-out client.crt