一 生成服务器端的私钥server.key
[root@localhost opensscommand]# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
..................++++++
..................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
二 生成服务器端证书请求server.csr
[root@localhost opensscommand]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:sanxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]:Family Network
Organizational Unit Name (eg, section) []:Home
Common Name (eg, your name or your server's hostname) []:cakin24
Email Address []:cakin24@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
生成过程中需要输入以下信息:
Country Name: cn 两个字母的国家代号
State or Province Name: sanxi 省份名称
Locality Name: xian 城市名称
Organization Name: Family Network 公司名称
Organizational Unit Name: Home 部门名称
Common Name: cakin24 你的姓名
Email Address: cakin24@qq.com Email地址
三 生成客户端的的私钥client.key
[root@localhost opensscommand]# openssl genrsa -des3 -out client.key 1024
Generating RSA private key, 1024 bit long modulus
..................................................................................................++++++
.................++++++
e is 65537 (0x10001)
Enter pass phrase for client.key:
Verifying - Enter pass phrase for client.key:
四 生成客户端证书请求client.csr
[root@localhost opensscommand]# openssl req -new -key client.key -out client.csr
Enter pass phrase for client.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:sanxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]:Family Network
Organizational Unit Name (eg, section) []:Home
Common Name (eg, your name or your server's hostname) []:cakin24
Email Address []:cakin24@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
五 生成自签名根证书ca.crt
[root@localhost opensscommand]# openssl req -new -x509 -keyout ca.key -out ca.crt
Generating a 2048 bit RSA private key
.................................+++
............+++
writing new private key to 'ca.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:sanxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]:Family Network
Organizational Unit Name (eg, section) []:Home
Common Name (eg, your name or your server's hostname) []:cakin24
Email Address []:cakin24@qq.com
六 用ca.crt给server.csr,client.csr文件签名
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cnf
openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnf
七 证书使用方法
client使用的文件有:ca.crt,client.crt,client.key
server使用的文件有:ca.crt,server.crt,server.key
相关推荐
现在你将得到一个名为cert.cer的证书文件。 修改server.xml将 maxThreads="150" scheme="https" secure="true" keystoreFile="bin/.keystore" keystorePass=" s3cret" clientAuth="false" sslProtocol="TLS" /...
绿色版 速度快 免安装,免去复杂的window安装步骤,直接运行,命令行快速生成*.key,*.csr,*.crt等文件,亲测绝对好用
如果每次使用openssl生成自签名证书时都遇到openssl ,那么此工具非常适合您! 一个轻量级的库以及命令行界面,用于使用纯go生成自签名的SSL / TLS证书。 安装 brew install moorara/brew/gocert 对于其他平台,您...
1.安装必要的软件 引用 我用的是apahce2.0.61版,可以直接官方提供的绑定openssl的apache... 生成服务器用的私钥文件server.key 进入conf目录,执行命令行 openssl genrsa -out server.key 1024 有文档指出使用 openssl
塞尔根 使用随机密码生成自签名证书的脚本,用于快速启动测试服务器。 出于莫名其妙的原因,安全界... 此脚本只需一步生成自签名密钥和证书文件,并在命令行上传递域。 需要 、OpenSSL 和/tmp预先存在的临时文件夹。
密钥库资源管理器 KeyStore Explorer是Java命令行实用程序...以多种格式导入和导出密钥和证书:PKCS#12,PKCS#8,PKCS#7,DER / PEM X.509证书文件,Microsoft PVK,SPC,PKI路径,OpenSSL 生成,查看和签名
介绍此应用程序提供了一个简单的SAML身份提供程序(IdP),以使用或单一注销配置... 您可以使用以下命令生成密钥对(在路径中需要openssl): openssl req -x509 -new -newkey rsa:2048 -nodes -subj ' /C=US/ST=Califo
构建后,该可执行文件应该不具有依赖项,例如,它不需要OpenSSL。 便利和安全是主要目标。 它没有配置文件,只需要几个(如果有的话)容易提供的命令行参数。 如果便利性和安全性发生冲突,我愿意为安全性牺牲一点...
SSL生成器 创建证书颁发机构,密钥和证书的命令行脚本。 这是基于Jamie Nguyen的《 指南的。 安装 克隆此仓库。 然后运行npm install来安装依赖项...在/tmp目录中创建新的服务器端CA,密钥和证书文件。 $ node main.js
* 当保存文件时权限被拒, 则保存 favorites.dat 时会生成崩溃报告 * 解决了当处理 MLSD 目录列表时导致字段被转换为小写字母的问题 FlashFXP v3.6 Final - (3.6.0 build 1240) 新功能 • 在每个站点选项都添加了...
7.5.7 用正则表达式进行字符串分割 7.5.7 ——preg_split 115 7.6 字符操作的注意事项 117 7.7 小结 118 第8章 数组操作与数据结构算法 119 8.1 一维数组与多维数组 119 8.1.1 一维数组简介 119 8.1.2 多维数组简介 ...