Can I use a free SSL certificate for the SSL certificate, or is it a certified and issued certificate? #299

Open
wqeqwerertert opened this issue Jul 16, 2024 · 0 comments

wqeqwerertert commented Jul 16, 2024

Hi, I have a requirement here: in some scenarios I don't want to install a self-signed certificate for SSL requests, because it is rather troublesome.

I'd like to use a certified certificate, the kind that can be used directly,

for example an SSL certificate I applied for, or a free trial certificate.

So far I have tried it with a free SSL certificate, converting the certificate's private.key directly into the private key encoding format supported by Netty:

```
openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER -in ca.key -out ca_private.der
```

Then I generated the crt; the -subj option can be used to customize the certificate's information:

```
openssl req -sha256 -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=CN/ST=GD/L=SZ/O=lee/OU=study/CN=testRoot"
```

So far I have followed the example. When accessing without installing the certificate, the browser reports that the connection is not secure.

I then replaced ca.crt with the issued certificate -----BEGIN CERTIFICATE-----

and the browser again reports that the connection is not secure.

Is the problem that the method I used is wrong, or is there a problem with the certificate and this kind of operation is not supported?

Does the client have to install the SSL certificate?
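The checks below are an added example, not part of the issue or of the project's code. They test three things a browser depends on for the files produced by the two commands above: whether the converted key belongs to the certificate, whether the certificate is self-signed, and whether it covers the host name being visited. The demo key, the extra `other.der` key and the host name `proxy.example.test` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the issue: local checks behind a browser's
# "not secure" warning. File names follow the issue's openssl commands.

# Exit 0 if subject == issuer: the certificate vouches for itself, so a
# browser only trusts it after it has been installed as a trust anchor.
cert_is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject=//')
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer=//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# Exit 0 if the PKCS#8 DER key (output of pkcs8 -topk8) belongs to the cert.
key_matches_cert() {
    k=$(openssl pkey -inform DER -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Exit 0 if the certificate's SAN/CN covers the host the browser connects to.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# diagnose DER_KEY CERT HOST: print one line per check.
diagnose() {
    if key_matches_cert "$1" "$2"; then echo "key: matches certificate"
    else echo "key: does NOT match certificate"; fi
    if cert_is_self_signed "$2"; then echo "issuer: self-signed"
    else echo "issuer: signed by another CA"; fi
    if cert_covers_host "$2" "$3"; then echo "host: $3 covered"
    else echo "host: $3 NOT covered"; fi
}

# Constructed demo: repeat the issue's two commands on a throwaway key,
# plus an unrelated key (other.der) to show a mismatch.
make_demo() {
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
    openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER -in "$1/ca.key" -out "$1/ca_private.der" &&
    openssl req -sha256 -new -x509 -days 365 -key "$1/ca.key" -out "$1/ca.crt" \
        -subj "/C=CN/ST=GD/L=SZ/O=lee/OU=study/CN=testRoot" &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null &&
    openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER -in "$1/other.key" -out "$1/other.der"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo "$demo_dir" &&
    diagnose "$demo_dir/ca_private.der" "$demo_dir/ca.crt" proxy.example.test
```

`diagnose` takes the DER key, the certificate file and the host name typed into the browser, in that order.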

github-actions bot changed the title on Jul 16, 2024, appending the English translation: Can I use a free SSL certificate for the SSL certificate, or is it a certified and issued certificate?