Mastering the openssl certificate commands
2. Create a directory on my computer, open a terminal, and change into that directory
cd /Users/dhbm/Desktop/ssl/sign20180729
3. Generate a self-signed certificate
1) Generate a key (my private key)
openssl genrsa -des3 -out selfsign.key 4096

Result (passphrase entered during the process: 123456)
Generating RSA private key, 4096 bit long modulus
...........++
...........................++
e is 65537 (0x10001)
Enter pass phrase for selfsign.key:
Verifying - Enter pass phrase for selfsign.key:

*** At this point one file should have been generated: selfsign.key
ls
selfsign.key

2) Use my private key (the key generated above) to generate a certificate signing request (CSR) for the self-signed certificate
openssl req -new -key selfsign.key -out selfsign.csr
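Result (the first attempt fails with "bad decrypt", the error openssl reports when the passphrase is wrong)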
Enter pass phrase for selfsign.key:
unable to load Private Key
140735584793480:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:531:
140735584793480:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:488:

Enter pass phrase for selfsign.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BeiJing
Locality Name (eg, city) []:BeiJing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:dhbm.cn
Organizational Unit Name (eg, section) []:dhbm.cn
Common Name (e.g. server FQDN or YOUR name) []:wzh
Email Address []:13501062476@139.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:dhbm.cn
*** At this point another file should have been generated: selfsign.csr
ls
selfsign.csr selfsign.key

3) Use the certificate request file above (selfsign.csr) to generate the self-signed certificate
openssl x509 -req -days 365 -in selfsign.csr -signkey selfsign.key -out selfsign.crt
Result
Signature ok
subject=/C=CN/ST=BeiJing/L=BeiJing/O=dhbm.cn/OU=dhbm.cn/CN=wzh/emailAddress=13501062476@139.com
Enter pass phrase for selfsign.key:
*** At this point another file should have been generated: selfsign.crt
ls
selfsign.crt selfsign.csr selfsign.key
4. Create my own CA (Certificate Authority)
1) Generate the CA's key. This step is the same as for the certificate above: it is also a private key, with the file name ca.key
openssl genrsa -des3 -out ca.key 4096

Result:
Generating RSA private key, 4096 bit long modulus
..................................................................................................++
.....................................++
e is 65537 (0x10001)
Enter pass phrase for ca.key:
Verifying - Enter pass phrase for ca.key:
*** At this point another file should have been generated: ca.key
ls
ca.key selfsign.crt selfsign.csr selfsign.key

2) Generate the CA's certificate request and certificate (two steps combined into one)
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Result
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BeiJing
Locality Name (eg, city) []:BeiJing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:dhbm.cn
Organizational Unit Name (eg, section) []:dhbm.cn
Common Name (e.g. server FQDN or YOUR name) []:wzh
Email Address []:13501062476@139.com
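*** At this point 1 more file should have been generated: ca.crt (no ca.csr? Correct: with -x509, req writes a self-signed certificate directly instead of a request)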
ls
ca.crt ca.key selfsign.crt selfsign.csr selfsign.key
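5. Generate a server certificate issued by the self-built CA above
1) The first 2 steps are the same as above: generate a private key (key), then generate a certificate request (csr)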

Generate the private key

openssl genrsa -des3 -out myserver.key 4096
Result:
Generating RSA private key, 4096 bit long modulus
...................................................................++
...............................................................................................................................................++
e is 65537 (0x10001)
Enter pass phrase for myserver.key:
Verifying - Enter pass phrase for myserver.key:

Generate the certificate request

openssl req -new -key myserver.key -out myserver.csr
Result:
Enter pass phrase for myserver.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:BeiJing
Locality Name (eg, city) []:BeiJing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:dhbm.cn
Organizational Unit Name (eg, section) []:dhbm.cn
Common Name (e.g. server FQDN or YOUR name) []:wzh server
Email Address []:13501062476@139.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:dhbm.cn
This time differs from the above: a CA is added in between, which marks this as a certificate recognized and issued by the CA
openssl x509 -req -days 365 -in myserver.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out myserver.crt
Result:
Signature ok
subject=/C=cn/ST=BeiJing/L=BeiJing/O=dhbm.cn/OU=dhbm.cn/CN=wzh server/emailAddress=13501062476@139.com
Getting CA Private Key
Enter pass phrase for ca.key:
*** At this point 3 more files have been generated: myserver.key, myserver.csr, myserver.crt
ls
ca.crt myserver.crt myserver.key selfsign.csr
ca.key myserver.csr selfsign.crt selfsign.key
6. Inspect my certificate (myserver)
1) View my private key
openssl rsa -noout -text -in myserver.key
Result
Enter pass phrase for myserver.key:
Private-Key: (4096 bit)
modulus:
00:b7:cb:ad:ad:37:bd:e9:3d:a2:36:10:1b:e6:8e:
0c:b7:83:09:3d:3e:09:94:a0:85:b2:2a:c6:68:29
...

2) View my certificate request
openssl req -noout -text -in myserver.csr
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=cn, ST=BeiJing, L=BeiJing, O=dhbm.cn, OU=dhbm.cn, CN=wzh server/emailAddress=13501062476@139.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:b7:cb:ad:ad:37:bd:e9:3d:a2:36:10:1b:e6:8e:
0c:b7:83:09:3d:3e:09:94:a0:85:b2:2a:c6:68:29:
...
Attributes:
challengePassword :123456
unstructuredName :dhbm.cn
Signature Algorithm: sha256WithRSAEncryption
00:6f:04:6c:30:93:88:34:ee:43:f2:ce:2b:d0:3e:11:20:46:
...
3) View my certificate
openssl x509 -noout -text -in myserver.crt
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, ST=BeiJing, L=BeiJing, O=dhbm.cn, OU=dhbm.cn, CN=wzh/emailAddress=13501062476@139.com
Validity
Not Before: Jul 29 09:02:55 2018 GMT
Not After : Jul 29 09:02:55 2019 GMT
Subject: C=cn, ST=BeiJing, L=BeiJing, O=dhbm.cn, OU=dhbm.cn, CN=wzh server/emailAddress=13501062476@139.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:b7:cb:ad:ad:37:bd:e9:3d:a2:36:10:1b:e6:8e:
0c:b7:83:09:3d:3e:09:94:a0:85:b2:2a:c6:68:29:
...

4) Verify my certificate
openssl verify -CAfile ca.crt myserver.crt
myserver.crt: OK
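7. At this point 3 steps are complete: the self-signed certificate, the CA certificate, and the myserver certificate issued by the CA
Open question: which of these are used on the server side, and which on the client side?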
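
Added example (not part of the original article): steps 4 and 5 as a non-interactive script that issues the server certificate once as the page does and once with an extension file, so the host-name check fails on the first and passes on the second. The host name server.example.test, the passphrase values, the file names ext.cnf and myserver_noext.crt, and the helper function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: steps 4 and 5 of the page run non-interactively, with X.509v3 extensions.
set -eu
BITS=${BITS:-4096}                          # the page uses 4096-bit RSA keys
export CA_PASS=${CA_PASS:-constructed-ca-passphrase}    # constructed sample values;
export SRV_PASS=${SRV_PASS:-constructed-srv-passphrase} # set real ones in the environment
HOST=server.example.test                    # hypothetical server name

build_pki() {   # $1 = output directory
  d=$1; mkdir -p "$d"
  cat > "$d/ext.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$HOST
EOF
  openssl genrsa -aes256 -passout env:CA_PASS -out "$d/ca.key" "$BITS"
  openssl req -new -x509 -days 365 -config "$d/ext.cnf" -extensions v3_ca \
    -key "$d/ca.key" -passin env:CA_PASS -subj "/CN=wzh" -out "$d/ca.crt"
  openssl genrsa -aes256 -passout env:SRV_PASS -out "$d/myserver.key" "$BITS"
  openssl req -new -config "$d/ext.cnf" -key "$d/myserver.key" \
    -passin env:SRV_PASS -subj "/CN=wzh server" -out "$d/myserver.csr"
  # As on the page: no extension file, so the certificate carries no subjectAltName.
  openssl x509 -req -days 365 -in "$d/myserver.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -passin env:CA_PASS -set_serial 01 -out "$d/myserver_noext.crt"
  # Same request, issued with the v3_server section (SAN, serverAuth, CA:FALSE).
  openssl x509 -req -days 365 -in "$d/myserver.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -passin env:CA_PASS -set_serial 02 -extfile "$d/ext.cnf" -extensions v3_server \
    -out "$d/myserver.crt"
}

# Succeeds when the certificate in $2 chains to the CA certificate in $1.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }
# Succeeds when the certificate in $1 is valid for $HOST.
host_ok() { openssl x509 -noout -checkhost "$HOST" -in "$1" | grep -q 'does match'; }
# Prints the X.509 version number of the certificate in $1.
cert_version() { openssl x509 -noout -text -in "$1" | sed -n 's/^ *Version: \([0-9]*\).*/\1/p'; }

if [ "${1:-}" = run ]; then build_pki "${2:-./pki}"; fi
```

Both certificates pass `openssl verify -CAfile ca.crt`, as in step 6, but only the one issued with the extension file matches the host name, which is the check a TLS client performs on top of chain validation.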
