REM 生成CA私钥
openssl genrsa  -out ca.key 16384

REM 生成服务器私钥
openssl genrsa -out server.key 16384

REM 签发CA证书
openssl req  -new -x509 -sha512 -days 36600 -key ca.key -out ca.crt  -config D:\PHPX64\openssl\program\bin\openssl.cfg   -subj "/C=CN/ST=SC/L=ChengDu/O=elsesky.bid/OU=elsesky.bid/CN=ca.elsesky.bid" -extensions v3_req

REM 生成服务器请求(注意,先修改openssl.cfg里面[ v3_req ]的配置,与实际情况一致)
openssl req -new -out server.csr -key server.key -subj "/C=CN/ST=SC/L=ChengDu/O=elsesky.bid/OU=elsesky.bid/CN=*.elsesky.bid" -config D:\PHPX64\openssl\program\bin\openssl.cfg -sha512

REM X509含多域的方式签发:
openssl x509 -req -in server.csr -out server.crt -CA ca.crt -CAkey ca.key -sha512 -days 366000 -extensions v3_req -extfile D:\PHPX64\openssl\program\bin\openssl.cfg -CAcreateserial


关于OPENSSL找不到配置文件的处理方法:
在系统全局环境变量中添加如下内容:
OPENSSL_CONF:c:\openssl\openssl.cfg