Linux:自签证书生成

keytool\
 -keystore server.jks  -storepass thisisapassword  -deststoretype pkcs12 \
 -genkeypair -keyalg RSA -validity 395 -keysize 2048  -sigalg SHA256withRSA \
 -dname "CN=registry.example.com,O=KingSoft,OU=BigData,L=Wuhan,ST=Hubei,C=CN" \
 -ext "SAN=IP:192.168.56.1,DNS:registry.example.com,EMAIL:admin@example.com"

openssl pkcs12 -in server.jks -nodes -nocerts -out cert.key
openssl pkcs12 -in server.jks -nokeys -out cert.crt


信任证书

sudo cp cert.crt /usr/local/share/ca-certificates/registry.example.com.crt
sudo update-ca-certificates

Windows: 右键安装->本地计算机->浏览->受信任的根证书颁发机构,需要重启浏览器