OpenSSL is a feature-rich, self-contained open-source security toolkit. Its main capabilities include: SSL/TLS protocol implementations (SSLv2, SSLv3 and TLSv1), a large number of software algorithms (symmetric, asymmetric and digest), big-number arithmetic, key generation for asymmetric algorithms, an ASN.1 encoding/decoding library, certificate request (PKCS#10) encoding/decoding, digital certificate encoding/decoding, CRL encoding/decoding, the OCSP protocol, digital certificate verification, a PKCS#7 implementation and the PKCS#12 personal certificate format.
1. Installation
Check whether OpenSSL is already present on the system; if it is not, install it.
[root@192 ~]# openssl version
OpenSSL 1.1.1m 14 Dec 2021
yum -y install openssl
2. Generating the private key file
[root@192 ssl]# openssl genrsa -out private.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
...........................+++++
...............................+++++
e is 65537 (0x010001)
This generates a 2048-bit RSA private key. Note the file mode (-rw-------): the key must stay readable only by its owner.
[root@192 ssl]# ll
total 4
-rw------- 1 root root 1679 Oct 18 19:46 private.key
3. Generating the certificate signing request (CSR)
[root@192 ssl]# openssl req -new -key private.key -out server.csr
# You will be prompted for the country, common name, challenge password, organization, email address, etc.
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:sn
Locality Name (eg, city) []:sn
Organization Name (eg, company) [Internet Widgits Pty Ltd]:sn
Organizational Unit Name (eg, section) []:sn
Common Name (e.g. server FQDN or YOUR name) []:sn
Email Address []:1122@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:sn
4. Generating the self-signed certificate
[root@192 ssl]# openssl x509 -req -days 365 -in server.csr -signkey private.key -out server.crt
Signature ok
subject=C = cn, ST = sn, L = sn, O = sn, OU = sn, CN = sn, emailAddress = 1122@qq.com
Getting Private key
# This produces a self-signed certificate valid for 365 days; the certificate request is signed with the private key generated above.
Adjust the validity period with the -days parameter as needed.
5. Configuring the certificate in a service
Here the certificate is configured in Harbor; it can equally be configured in Nginx, Apache or other services. After logging into Harbor you will see the following warning marking the certificate as untrusted. This is the normal behaviour for a self-signed certificate, since no trusted CA vouches for it.
6. Checking the certificate expiry date
[root@192 ssl]# openssl x509 -in server.crt -noout -dates
notBefore=Oct 18 11:51:17 2023 GMT
notAfter=Oct 17 11:51:17 2024 GMT
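The same four steps as a non-interactive script, plus a reusable expiry check for section 6. This is an added example, not code from the original post: the directory, the CN harbor.example.com and the 30-day threshold are assumed values, and the subjectAltName extension is added because modern browsers and Docker clients ignore the CN alone.

```shell
#!/bin/sh
# Constructed example: scripted version of steps 2-4 and 6 above.
set -eu

# Generate a 2048-bit RSA key, a CSR and a self-signed cert in $1 for CN $2 (validity $3 days, default 365).
make_selfsigned() {
  dir=$1; cn=$2; days=${3:-365}
  mkdir -p "$dir"
  openssl genrsa -out "$dir/private.key" 2048 2>/dev/null
  chmod 600 "$dir/private.key"
  # -subj answers the DN prompts of step 3 without any interaction
  openssl req -new -key "$dir/private.key" -out "$dir/server.csr" \
    -subj "/C=cn/ST=sn/L=sn/O=sn/OU=sn/CN=$cn/emailAddress=1122@qq.com"
  # subjectAltName: clients match the host name against SAN, not against CN
  printf 'subjectAltName=DNS:%s\n' "$cn" > "$dir/san.ext"
  openssl x509 -req -days "$days" -in "$dir/server.csr" -signkey "$dir/private.key" \
    -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null
}

# Print the number of whole days until the certificate in $1 expires (negative once it has expired).
days_until_expiry() {
  not_after=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
  # GNU date first, BSD/macOS date as fallback
  exp=$(date -u -d "$not_after" +%s 2>/dev/null \
        || date -ju -f '%b %e %T %Y %Z' "$not_after" +%s)
  echo $(( (exp - $(date +%s)) / 86400 ))
}

# Succeed only if the certificate in $1 stays valid for at least $2 more days (default 30).
# Suitable as a cron job to warn before the renewal deadline.
check_expiry() {
  remaining=$(days_until_expiry "$1")
  [ "$remaining" -ge "${2:-30}" ]
}
```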