本地测试证书配置

# 安装依赖
apt install libnss3-tools

# 下载 Linux 平台二进制文件
wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64

# 重命名
mv mkcert-v1.4.4-linux-amd64 mkcert

# 移动到 bin 下
mv mkcert /usr/local/bin/

# 测试命令
mkcert -help

# 生成根证书
root@ubuntu:~# mkcert -install
Created a new local CA 💥
The local CA is now installed in the system trust store! ⚡

# 生成域名证书
root@ubuntu:~# mkcert *.ubuntu.local ubuntu.local

Created a new certificate valid for the following names 📜
 - "*.ubuntu.local"
 - "ubuntu.local"

Reminder: X.509 wildcards only go one level deep, so this won't match a.b.ubuntu.local ℹ️

The certificate is at "./_wildcard.ubuntu.local+1.pem" and the key at "./_wildcard.ubuntu.local+1-key.pem" ✅

It will expire on 28 February 2027 🗓

# nginx 配置
root@ubuntu:~# mv _wildcard.ubuntu.local+1-key.pem /etc/nginx/cert/key.pem
root@ubuntu:~# mv _wildcard.ubuntu.local+1.pem /etc/nginx/cert/cert.pem

# 重新载入配置文件
systemctl reload nginx

客户端需要将根证书的公钥和ssl证书的公钥 copy 过来，在客户端安装即可。