first commit

2022-10-18 16:59:37 +08:00 · 2022-10-18 16:59:37 +08:00 · ba848e218d
commit ba848e218d
1001 changed files with 152333 additions and 0 deletions
--- a/工作-盒子/openssl生成https证书.html
+++ b/工作-盒子/openssl生成https证书.html
@ -0,0 +1,165 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta charset="utf-8">
+<meta name="tool" content="leanote-desktop-app">
+<title>openssl生成https证书</title>
+<style>
+
+*{font-family:"lucida grande","lucida sans unicode",lucida,helvetica,"Hiragino Sans GB","Microsoft YaHei","WenQuanYi Micro Hei",sans-serif;}
+
+body {
+  margin: 0;
+}
+
+/*公用文字样式*/
+h1{font-size:30px}h2{font-size:24px}h3{font-size:18px}h4{font-size:14px}
+.note-container{
+    width:850px; 
+    margin:auto;
+    padding: 10px 20px;
+    box-shadow: 1px 1px 10px #eee;
+}
+#title {
+  margin: 0;
+}
+table {
+    margin-bottom: 16px;
+    border-collapse: collapse;
+}
+table th, table td {
+    padding: 6px 13px;
+    border: 1px solid #ddd;
+}
+table th {
+    font-weight: bold;
+}
+
+table tr {
+    background-color: none;
+    border-top: 1px solid #ccc;
+}
+table tr:nth-child(2n) {
+    background-color: rgb(247, 247, 249);
+}
+.mce-item-table, .mce-item-table td, .mce-item-table th, .mce-item-table caption {
+  border: 1px solid #ddd;
+  border-collapse: collapse;
+  padding: 6px 13px;
+}
+blockquote {
+  border-left-width:10px;
+  background-color:rgba(128,128,128,0.05);
+  border-top-right-radius:5px;
+  border-bottom-right-radius:5px;
+  padding:15px 20px;
+  border-left:5px solid rgba(128,128,128,0.075);
+}
+blockquote p {
+  margin-bottom:1.1em;
+  font-size:1em;
+  line-height:1.45
+}
+blockquote ul:last-child,blockquote ol:last-child {
+  margin-bottom:0
+}
+pre {
+  padding: 18px;
+  background-color: #f7f7f9;
+  border: 1px solid #e1e1e8;
+  border-radius: 3px;
+  display: block;
+}
+code {
+  padding: 2px 4px;
+  font-size: 90%;
+  color: #c7254e;
+  white-space: nowrap;
+  background-color: #f9f2f4;
+  border-radius: 4px;
+}
+.footnote {
+  vertical-align: top;
+  position: relative;
+  top: -0.5em;
+  font-size: .8em;
+}
+
+hr {
+  margin:2em 0
+}
+img {
+  max-width:100%
+}
+pre {
+  word-break:break-word
+}
+p,pre,pre.prettyprint,blockquote {
+  margin:0 0 1.1em
+}
+hr {
+  margin:2em 0
+}
+img {
+  max-width:100%
+}
+.sequence-diagram,.flow-chart {
+  text-align:center;
+  margin-bottom:1.1em
+}
+.sequence-diagram text,.flow-chart text {
+  font-size:15px !important;
+  font-family:"Source Sans Pro",sans-serif !important
+}
+.sequence-diagram [fill="#ffffff"],.flow-chart [fill="#ffffff"] {
+  fill:#f6f6f6
+}
+.sequence-diagram [stroke="#000000"],.flow-chart [stroke="#000000"] {
+  stroke:#3f3f3f
+}
+.sequence-diagram text[stroke="#000000"],.flow-chart text[stroke="#000000"] {
+  stroke:none
+}
+.sequence-diagram [fill="#000"],.flow-chart [fill="#000"],.sequence-diagram [fill="#000000"],.flow-chart [fill="#000000"],.sequence-diagram [fill="black"],.flow-chart [fill="black"] {
+  fill:#3f3f3f
+}
+ul,ol {
+  margin-bottom:1.1em
+}
+ul ul,ol ul,ul ol,ol ol {
+  margin-bottom:1.1em
+}
+kbd {
+  padding:.1em .6em;
+  border:1px solid rgba(63,63,63,0.25);
+  -webkit-box-shadow:0 1px 0 rgba(63,63,63,0.25);
+  box-shadow:0 1px 0 rgba(63,63,63,0.25);
+  font-size:.7em;
+  font-family:sans-serif;
+  background-color:#fff;
+  color:#333;
+  border-radius:3px;
+  display:inline-block;
+  margin:0 .1em;
+  white-space:nowrap
+}
+.toc ul {
+  list-style-type:none;
+  margin-bottom:15px
+}
+</style>
+<!-- 该css供自定义样式 -->
+<link href="../leanote-html.css" rel="stylesheet">
+</head>
+
+<body>
+
+	<div class="note-container">
+		<h1 class="title" id="leanote-title">openssl生成https证书</h1>
+		<div class="content-html" id="leanote-content"><p>1.首先要生成服务器端的私钥(key文件):<br>openssl genrsa -des3 -out server.key 1024<br>运行时会提示输入密码,此密码用于加密key文件<br>去除key文件口令的命令:<br>openssl rsa -in server.key -out server.key</p><p>2.openssl req -new -key server.key -out server.csr -config openssl.cnf<br>生成Certificate Signing Request（CSR）,生成的csr文件交给CA签名后形成服务端自己的证书.屏幕上将有提示,依照其指示一步一步输入要求的个人信息即可.</p><p>3.对客户端也作同样的命令生成key及csr文件:<br>openssl genrsa -des3 -out client.key 1024<br>openssl req -new -key client.key -out client.csr -config openssl.cnf</p><p>4.CSR文件必须有CA的签名才可形成证书.可将此文件发送到verisign等地方由它验证.自己生成：<br>openssl req -new -x509 -keyout ca.key -out ca.crt -config openssl.cnf</p><p>5.用生成的CA的证书为刚才生成的server.csr,client.csr文件签名:<br>Openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cnf<br>Openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnf</p><p>注意: 此时会出错：Using configuration from /usr/share/ssl/openssl.cnf I am unable to access the ./demoCA/newcerts directory ./demoCA/newcerts: No such file or directory&nbsp;<br>解决方法： 1).mkdir -p ./demoCA/newcerts&nbsp;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 　　 2).touch demoCA/index.txt&nbsp;<br>&nbsp;&nbsp;&nbsp; 　　　　 3).touch demoCA/serial&nbsp;<br>&nbsp;&nbsp; 　　　　　4).echo 01 &gt; demoCA/serial</p><p>6.合并证书文件（crt）和私钥文件（key）</p><p>1).cat client.crt client.key &gt; client.pem</p><p>2).cat server.crt server.key &gt; server.pem</p><p>7.合并成pfx证书</p><p>1).openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12&nbsp;<br>2).openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12&nbsp;<br>8.文本化证书</p><p>1).openssl pkcs12 -in client.p12 -out client.txt</p><p>2).openssl pkcs12 -in server.p12 -out server.txt</p><p>9.屏幕模式显式：（证书、私钥、公钥）</p><p>1).openssl x509 -in client.crt -noout -text -modulus</p><p>2).openssl rsa -in server.key -noout -text -modulus</p><p>3).openssl rsa -in server.pub -noout -text -modulus</p><p>10.得到DH</p><p>1).openssl dhparam -out dh1024.pem 1024</p><p>&nbsp;</p><p>(8) 编辑apache的配置文件httpd.conf<br>开启: LoadModule ssl_module modules/mod_ssl.so<br>去掉以下语句的注释, Include conf/extra/httpd-ssl.conf<br># Secure (SSL/TLS) connections<br>Include conf/extra/httpd-ssl.conf<br>#&nbsp;&nbsp;&nbsp;&nbsp;<br>(9) 编辑 conf/extra/httpd-ssl.conf</p><p>&nbsp;&lt;VirtualHost *:443&gt;<br>&nbsp;&nbsp;SSLEngine On<br>&nbsp;&nbsp;SSLCertificateFile conf/ssl/server.crt<br>&nbsp;&nbsp;SSLCertificateKeyFile conf/ssl/server.key<br>&nbsp;&nbsp;SSLCertificateChainFile conf/ssl/ca.crt<br>&nbsp;&lt;/VirtualHost&gt;&nbsp;&nbsp;</p><p>cd /usr/local/apache/conf<br>openssl genrsa -des3 -out server.key 1024<br>openssl req -new -key server.key -out server.csr -config /usr/local/ssl/openssl.cnf&nbsp;<br>openssl req -new -x509 -keyout ca.key -out ca.crt -config /usr/local/ssl/openssl.cnf&nbsp;<br>mkdir -p ./demoCA/newcerts&nbsp;<br>touch demoCA/index.txt<br>touch demoCA/serial<br>echo 01 &gt; demoCA/serial<br>openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config /usr/local/ssl/openssl.cnf&nbsp;<br>bin/apachectl start</p><p><br></p></div>
+	</div>
+
+<!-- 该js供其它处理 -->
+<script src="../leanote-html.js"></script>
+</body>
+</html>