Get request
[root@tsghweb openssl]# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
............++++++
..........++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@tsghweb openssl]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@tsghweb openssl]#
… …
Verify CA file
[root@tsghweb openssl]# openssl verify -CAfile rootca.crt -purpose sslserver rootcaserver.crt
rootcaserver.crt: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
error 20 at 0 depth lookup:unable to get local issuer certificate
[root@tsghweb openssl]#
[root@tsghweb openssl]# openssl rsa -noout -modulus -in server.key | openssl sha1
Enter pass phrase for server.key:hp0521
fa955c5e12ba90274553d879ba144afb6f7a3946
[root@tsghweb openssl]#
[root@tsghweb openssl]# openssl verify -CAfile rootcaserver.crt -purpose sslserver rootca.crt
rootca.crt: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
error 2 at 1 depth lookup:unable to get issuer certificate
[root@tsghweb openssl]#
… …
Impot certification
[root@tsghweb openssl]# openssl pkcs7 -in server.p7b -inform DER -print_certs -out server-chain.pem
[root@tsghweb openssl]# cp server-chain.pem /etc/pki/tls/certs/server-chain.crt
[root@tsghweb openssl]#
[root@tsghweb openssl]# openssl x509 -in server.cer -inform DER -out server.pem
[root@tsghweb openssl]# cp server.pem /etc/pki/tls/certs/server.crt
[root@tsghweb openssl]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: Apache/2.2.3 mod_ssl/2.2.3 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server www.hpmtaiwan.tw:443 (RSA)
Enter pass phrase:
OK: Pass Phrase Dialog successful.
[ OK ]
[root@tsghweb openssl]#
分享到:
相关推荐
如何在LINUX服务器CentOS下Apache配置多域名或者多端口映射
在Centos7.6平台下使用openssl给apache做自签名证书,并给apache设置HTTPS的SSL证书。(无坑版) 二、平台 [root@kahn.xiao ~]# uname -r 3.10.0-957.el7.x86_64 [root@kahn.xiao ~]# cat /etc/redhat-release ...
centos 下apache+svn安装让你全面了解svn+apache的安装方法
CentOS 下 Apache + Subversion 实现版本控制
CentOS Apache配置详解CentOS Apache配置详解
CentOS卸载Apache方法.docx
CentOS5.4 下配置Apache服务器详细步骤
CentOS+Apache+PHP+MySQL.pdf 描述 CentOS 下安装配置 Apache+MySQL+PHP
CentOS下apache负载均衡与JBoss集群配置,超级详细简单。。
centos7 apache openssl rewrite apr apr-util pcre expat-devel
CA证书的颁发过程 其实就是颁发给 你所需要颁发的公钥和CA签名。
centos6 apache简单使用,基本报错都能解决。当时自己也是各种出错,所以就有了这个教程。
此资源用于非https的离线Apache安装包,如需配置https,需要补充优化。
LinuxCentOS离线环境下安装Apache所需要的完整包,包含后续安装mod_wsgi的依赖。
centos下安装apache,包括安装所需要的包以及安装说明。apache httpd版本为2.4.10
CentOS 卸载 Apache
Centos7.6下oracle impdp导入和expdp导出,
CentOS下Apache、PHP、MySQL安装配置[参照].pdf
centos6.6 配置apache,php,mysql安装方法