<acronym id='d49ui'><em id='d49ui'></em><td id='d49ui'><div id='d49ui'></div></td></acronym><address id='d49ui'><big id='d49ui'><big id='d49ui'></big><legend id='d49ui'></legend></big></address><dl id='d49ui'></dl>

<fieldset id='d49ui'></fieldset>

    <span id='d49ui'></span>

    1. <i id='d49ui'><div id='d49ui'><ins id='d49ui'></ins></div></i>

          <code id='d49ui'><strong id='d49ui'></strong></code>
          <i id='d49ui'></i>

            <ins id='d49ui'></ins>

          1. <tr id='d49ui'><strong id='d49ui'></strong><small id='d49ui'></small><button id='d49ui'></button><li id='d49ui'><noscript id='d49ui'><big id='d49ui'></big><dt id='d49ui'></dt></noscript></li></tr><ol id='d49ui'><table id='d49ui'><blockquote id='d49ui'><tbody id='d49ui'></tbody></blockquote></table></ol><u id='d49ui'></u><kbd id='d49ui'><kbd id='d49ui'></kbd></kbd>

            openssl几个简单使用方法介绍

            • 时间:
            • 浏览:4
            • 来源:124软件资讯网

               Openssl的功效十分强盛  ,在这里我只是给各人讲一些openssl的几个简朴的下令使用:天生密钥 ,天生证书请求  ,天生证书 ,及作为CA来说  ,来天生一个自签证书  。

                1:天生ca的自签证书:

                #cd /etc/pki/CA 进入该目录  ,CA证书必须建设在该目录中

                #openssl genrsa 2048 > /privat/my.key

                天生一个密钥

                #vim /etc/pki/tls/openssl.cnf

                将[ CA_default ]中的dir 选项改为:/etc/pki/CA

                #mkdir ./newcerts

                证书天生后会自动天生一些序列号文件和信息文件  ,而这些文件要放在newcerts目录中  ,以是要是先建立它  ,否则天生证书时会报错提醒说没有改文件  ,以致无法完成

                #touch ./{serial ,index.txt}

                建设序列号文件和index文档

                #echo “00” > ./serial

                给定一个序列号初始值

                #openssl –x509 –new –key private/cakey.pem –out ./cacert.pem –days 1000

                天生ca证书

                2:证书的签署

                #mkdir /root/testcrt

                #cd /root/testcrt

                #openssl genrsa 1024 > my.key

                天生密钥

                Generating RSA private key, 1024 bit long modulus

                ..........................++++++

                ...++++++

                e is 65537 (0x10001)

                ----------------------------------

                #openssl rsa –in my.key –pubout –out test.pub

                检察刚刚天生的密钥文件

                #openssl req –new –key my.key –out my.csr

                天生证书请求

                --------------------------------------

                You are about to be asked to enter information that will be incorporated

                into your certificate request.

                What you are about to enter is what is called a Distinguished Name or a DN.

                There are quite a few fields but you can leave some blank

                For some fields there will be a default value,

                If you enter '.', the field will be left blank.

                -----

                Country Name (2 letter code) [GB]:NA

                State or Province Name (full name) [Berkshire]:HA

                Locality Name (eg, city) [Newbury]:ZZ

                Organization Name (eg, company) [My Company Ltd]:CA

                Organizational Unit Name (eg, section) []:station173.example.com

                Common Name (eg, your name or your server's hostname) []:a.example.com

                Email Address []:root@a.example.com

                Please enter the following 'extra' attributes

                to be sent with your certificate request

                A challenge password []:

                An optional company name []:

                ---------------------------------------------------

                #openssl ca –in my.csr –out my.crt –days 1000

                由ca给其天生证书

                ----------------------------------------------------

                Using configuration from /etc/pki/tls/openssl.cnf

                Check that the request matches the signature

                Signature ok

                Certificate Details:

                Serial Number: 2 (0x2)

                Validity

                Not Before: Feb 25 15:28:21 2010 GMT

                Not After : Nov 21 15:28:21 2012 GMT

                Subject:

                countryName = CN

                stateOrProvinceName 12下一页