中文字幕av专区_日韩电影在线播放_精品国产精品久久一区免费式_av在线免费观看网站

溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務條款》

熟練掌握 openssl 證書命令說明

發布時間:2020-05-10 09:03:43 來源:網絡 閱讀:740 作者:17gongdeng 欄目:編程語言

熟練掌握 openssl 證書命令說明
2、在我電腦建立好一個目錄,并啟動 terminal ,進入該目錄
cd /Users/dhbm/Desktop/ssl/sign20180729
1
3、生成Self Signed證書
1)、生成一個key(我的私鑰)
openssl genrsa -des3 -out selfsign.key 4096

結果 (過程中 密碼: 123456)
Generating RSA private key, 4096 bit long modulus
...........++
...........................++
e is 65537 (0x10001)
Enter pass phrase for selfsign.key:
Verifying - Enter pass phrase for selfsign.key:

*** 這時應該生成了一個文件:selfsign.key
ls
selfsign.key

2)使用我的私鑰(上面生成的key),生成一個自簽名請求 certificate signing request (CSR)
openssl req -new -key selfsign.key -out selfsign.csr
結果
Enter pass phrase for selfsign.key:
unable to load Private Key
140735584793480:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:531:
140735584793480:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:488:

Enter pass phrase for selfsign.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BeiJing
Locality Name (eg, city) []:BeiJing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:dhbm.cn
Organizational Unit Name (eg, section) []:dhbm.cn
Common Name (e.g. server FQDN or YOUR name) []:wzh
Email Address []:13501062476@139.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:dhbm.cn
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
*** 這時應該又生成了一個文件 selfsign.csr
ls
selfsign.csr selfsign.key

3)、用以上證書請求文件(selfsign.csr),生成Self Signed證書
openssl x509 -req -days 365 -in selfsign.csr -signkey selfsign.key -out selfsign.crt
結果
Signature oksubject=/C=CN/ST=BeiJing/L=BeiJing/O=dhbm.cn/OU=dhbm.cn/CN=wzh/emailAddress=13501062476@139.com
br/>subject=/C=CN/ST=BeiJing/L=BeiJing/O=dhbm.cn/OU=dhbm.cn/CN=wzh/emailAddress=13501062476@139.com
Enter pass phrase for selfsign.key:
*** 這時應該又生成了一個文件 selfsign.crt
ls
selfsign.crt selfsign.csr selfsign.key
1
2
3
4
5
6
7
8
9
10
4、生成自己的CA (Certificate Authority)
1)、生成CA的key,這一步和生成證書一樣,也是一個私鑰,文件名 叫 ca.key
openssl genrsa -des3 -out ca.key 4096

×××結果:
Generating RSA private key, 4096 bit long modulus
..................................................................................................++
.....................................++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:
*** 這時應該又生成了一個文件 ca.key
ls
ca.key selfsign.crt selfsign.csr selfsign.key

2)、生成CA的證書請求、證書 (兩步合二為一了)
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

結果
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BeiJing
Locality Name (eg, city) []:BeiJing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:dhbm.cn
Organizational Unit Name (eg, section) []:dhbm.cn
Common Name (e.g. server FQDN or YOUR name) []:wzh
Email Address []:13501062476@139.com
*** 這時應該又生成了 1 個文件 ca.crt (沒有 ca.csr?)
ls
ca.crt ca.key selfsign.crt selfsign.csr selfsign.key
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
5、生成服務器證書,由以上自建的 CA 頒發
1)、前面 2 步 和以上一樣,生成一個 私鑰(key),生成一個證書請求(csr)

生成私鑰

openssl genrsa -des3 -out myserver.key 4096
結果:
Generating RSA private key, 4096 bit long modulus
...................................................................++
...............................................................................................................................................++
e is 65537 (0x10001)
Enter pass phrase for myserver.key:
Verifying - Enter pass phrase for myserver.key:

生成證書請求

openssl req -new -key myserver.key -out myserver.csr
結果:
Enter pass phrase for myserver.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:BeiJing
Locality Name (eg, city) []:BeiJing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:dhbm.cn
Organizational Unit Name (eg, section) []:dhbm.cn
Common Name (e.g. server FQDN or YOUR name) []:wzh server
Email Address []:13501062476@139.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:dhbm.cn
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
這次和以上不一樣,加上了一個中間人 CA ,表示這是由 CA 認可并辦法的證書
openssl x509 -req -days 365 -in myserver.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out myserver.crt
結果:
Signature ok
subject=/C=cn/ST=BeiJing/L=BeiJing/O=dhbm.cn/OU=dhbm.cn/CN=wzh server/emailAddress=13501062476@139.com
Getting CA Private Key
Enter pass phrase for ca.key:
*** 到這里,又生成了 3 個文件 myserver.key,myserver.csr,myserver.crt
ls
ca.crt myserver.crt myserver.key selfsign.csr
ca.key myserver.csr selfsign.crt selfsign.key
1
2
3
4
5
6
7
8
9
10
6、查看我的證書情況 (myserver)
1)、查看維生素我的私鑰
openssl rsa -noout -text -in myserver.key
結果
Enter pass phrase for myserver.key:
Private-Key: (4096 bit)
modulus:
00:b7:cb:ad:ad:37:bd:e9:3d:a2:36:10:1b:e6:8e:
0c:b7:83:09:3d:3e:09:94:a0:85:b2:2a:c6:68:29
...

2)、查看我的證書請求
openssl req -noout -text -in myserver.csr
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=cn, ST=BeiJing, L=BeiJing, O=dhbm.cn, OU=dhbm.cn, CN=wzh server/emailAddress=13501062476@139.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:b7:cb:ad:ad:37:bd:e9:3d:a2:36:10:1b:e6:8e:
0c:b7:83:09:3d:3e:09:94:a0:85:b2:2a:c6:68:29:
...
Attributes:
challengePassword :123456
unstructuredName :dhbm.cn
Signature Algorithm: sha256WithRSAEncryption
00:6f:04:6c:30:93:88:34:ee:43:f2:ce:2b:d0:3e:11:20:46:
...
3)、查看我的證書
openssl x509 -noout -text -in myserver.crt
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, ST=BeiJing, L=BeiJing, O=dhbm.cn, OU=dhbm.cn, CN=wzh/emailAddress=13501062476@139.com
Validity
Not Before: Jul 29 09:02:55 2018 GMT
Not After : Jul 29 09:02:55 2019 GMT
Subject: C=cn, ST=BeiJing, L=BeiJing, O=dhbm.cn, OU=dhbm.cn, CN=wzh server/emailAddress=13501062476@139.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:b7:cb:ad:ad:37:bd:e9:3d:a2:36:10:1b:e6:8e:
0c:b7:83:09:3d:3e:09:94:a0:85:b2:2a:c6:68:29:
...

4)、驗證我的證書
openssl verify -CAfile ca.crt myserver.crt
myserver.crt: OK
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
7、到這里完成了 3 步 ,自建名證書、CA證書、CA頒發 myserver 證書
疑問:什么是服務端用的?什么是客戶端用的?

向AI問一下細節

免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。

AI

深泽县| 阳新县| 江油市| 靖边县| 阜阳市| 太仆寺旗| 佳木斯市| 枣阳市| 通渭县| 嘉善县| 延川县| 广宁县| 娱乐| 梨树县| 龙州县| 阿合奇县| 莲花县| 江陵县| 叙永县| 航空| 沿河| 阿克陶县| 嘉义县| 延庆县| 格尔木市| 吉木乃县| 宝鸡市| 贺州市| 双城市| 微博| 阿瓦提县| 庆阳市| 上蔡县| 天长市| 岫岩| 蕉岭县| 柏乡县| 谢通门县| 安达市| 齐河县| 靖远县|