Docs/工作-盒子/openssl生成https证书.html
2022-10-18 16:59:37 +08:00

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="tool" content="leanote-desktop-app">
<title>Generating HTTPS certificates with openssl</title>
<style>
*{font-family:"lucida grande","lucida sans unicode",lucida,helvetica,"Hiragino Sans GB","Microsoft YaHei","WenQuanYi Micro Hei",sans-serif;}
body {
margin: 0;
}
/* shared text styles */
h1{font-size:30px}h2{font-size:24px}h3{font-size:18px}h4{font-size:14px}
.note-container{
width:850px;
margin:auto;
padding: 10px 20px;
box-shadow: 1px 1px 10px #eee;
}
#title {
margin: 0;
}
table {
margin-bottom: 16px;
border-collapse: collapse;
}
table th, table td {
padding: 6px 13px;
border: 1px solid #ddd;
}
table th {
font-weight: bold;
}
table tr {
background-color: none;
border-top: 1px solid #ccc;
}
table tr:nth-child(2n) {
background-color: rgb(247, 247, 249);
}
.mce-item-table, .mce-item-table td, .mce-item-table th, .mce-item-table caption {
border: 1px solid #ddd;
border-collapse: collapse;
padding: 6px 13px;
}
blockquote {
border-left-width:10px;
background-color:rgba(128,128,128,0.05);
border-top-right-radius:5px;
border-bottom-right-radius:5px;
padding:15px 20px;
border-left:5px solid rgba(128,128,128,0.075);
}
blockquote p {
margin-bottom:1.1em;
font-size:1em;
line-height:1.45
}
blockquote ul:last-child,blockquote ol:last-child {
margin-bottom:0
}
pre {
padding: 18px;
background-color: #f7f7f9;
border: 1px solid #e1e1e8;
border-radius: 3px;
display: block;
}
code {
padding: 2px 4px;
font-size: 90%;
color: #c7254e;
white-space: nowrap;
background-color: #f9f2f4;
border-radius: 4px;
}
.footnote {
vertical-align: top;
position: relative;
top: -0.5em;
font-size: .8em;
}
hr {
margin:2em 0
}
img {
max-width:100%
}
pre {
word-break:break-word
}
p,pre,pre.prettyprint,blockquote {
margin:0 0 1.1em
}
hr {
margin:2em 0
}
img {
max-width:100%
}
.sequence-diagram,.flow-chart {
text-align:center;
margin-bottom:1.1em
}
.sequence-diagram text,.flow-chart text {
font-size:15px !important;
font-family:"Source Sans Pro",sans-serif !important
}
.sequence-diagram [fill="#ffffff"],.flow-chart [fill="#ffffff"] {
fill:#f6f6f6
}
.sequence-diagram [stroke="#000000"],.flow-chart [stroke="#000000"] {
stroke:#3f3f3f
}
.sequence-diagram text[stroke="#000000"],.flow-chart text[stroke="#000000"] {
stroke:none
}
.sequence-diagram [fill="#000"],.flow-chart [fill="#000"],.sequence-diagram [fill="#000000"],.flow-chart [fill="#000000"],.sequence-diagram [fill="black"],.flow-chart [fill="black"] {
fill:#3f3f3f
}
ul,ol {
margin-bottom:1.1em
}
ul ul,ol ul,ul ol,ol ol {
margin-bottom:1.1em
}
kbd {
padding:.1em .6em;
border:1px solid rgba(63,63,63,0.25);
-webkit-box-shadow:0 1px 0 rgba(63,63,63,0.25);
box-shadow:0 1px 0 rgba(63,63,63,0.25);
font-size:.7em;
font-family:sans-serif;
background-color:#fff;
color:#333;
border-radius:3px;
display:inline-block;
margin:0 .1em;
white-space:nowrap
}
.toc ul {
list-style-type:none;
margin-bottom:15px
}
</style>
<!-- this CSS is for custom styles -->
<link href="../leanote-html.css" rel="stylesheet">
</head>
<body>
<div class="note-container">
<h1 class="title" id="leanote-title">Generating HTTPS certificates with openssl</h1>
<div class="content-html" id="leanote-content"><p>1. First generate the server's private key (the .key file):<br>openssl genrsa -des3 -out server.key 2048<br>You will be prompted for a passphrase; it is used to encrypt the key file. Use at least 2048 bits: 1024-bit RSA keys are rejected by current browsers and TLS libraries. -des3 is a legacy cipher; -aes256 is the modern choice for protecting the key file.<br>To strip the passphrase from the key file (needed if the web server has to start unattended):<br>openssl rsa -in server.key -out server.key<br>A key without a passphrase is protected only by file permissions, so keep it mode 600 and owned by the account that runs the server.</p><p>2. openssl req -new -key server.key -out server.csr -config openssl.cnf<br>This generates a Certificate Signing Request (CSR). The CSR is handed to a CA for signing, and the signed result is the server's own certificate. Follow the prompts and fill in the requested identity fields (country, state, organization, Common Name, and so on). The CSR carries only the public key; the private key never leaves the server.</p><p>3. Run the same two commands for the client to produce its key and CSR:<br>openssl genrsa -des3 -out client.key 2048<br>openssl req -new -key client.key -out client.csr -config openssl.cnf</p><p>4. A CSR becomes a certificate only once a CA has signed it. You can send it to a public CA such as Verisign, or act as your own CA. To create a CA private key and a self-signed CA certificate in one step:<br>openssl req -new -x509 -keyout ca.key -out ca.crt -config openssl.cnf<br>Add -days N here: without it the CA certificate is valid for only 30 days. ca.key is the root of trust for everything signed below, so keep it encrypted and off the web server.</p><p>5. Sign server.csr and client.csr with the CA certificate you just created:<br>openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cnf<br>openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnf</p><p>Note: at this point openssl ca fails with<br>Using configuration from /usr/share/ssl/openssl.cnf I am unable to access the ./demoCA/newcerts directory ./demoCA/newcerts: No such file or directory<br>openssl ca keeps its state (copies of issued certificates, the index.txt database and the serial counter) in the directory named in the [ CA_default ] section of openssl.cnf, ./demoCA by default, and does not create it for you. Fix:<br>1) mkdir -p ./demoCA/newcerts<br>2) touch demoCA/index.txt<br>3) touch demoCA/serial<br>4) echo 01 &gt; demoCA/serial<br>Two further things trip people up with the stock config: its policy_match requires the CSR's country, state and organization to match the CA certificate's exactly (otherwise openssl ca reports that the field does not match), and it refuses to issue a second certificate for the same subject unless unique_subject = no is set.</p><p>6. Combine the certificate (.crt) and private key (.key) into a single PEM file:</p><p>1) cat client.crt client.key &gt; client.pem</p><p>2) cat server.crt server.key &gt; server.pem</p><p>7. Bundle certificate and key into PKCS#12 (.p12/.pfx) files, the format browsers and Windows import:</p><p>1) openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12<br>2) openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12<br>You will be prompted for an export password. It is all that protects the private key inside the bundle, so use a real one whenever the file leaves the machine.</p><p>8. Convert a PKCS#12 bundle back to PEM text:</p><p>1) openssl pkcs12 -in client.p12 -out client.txt</p><p>2) openssl pkcs12 -in server.p12 -out server.txt<br>The output includes the private key; add -nokeys to dump only the certificates.</p><p>9. Print the certificate, private key and public key in readable form:</p><p>1) openssl x509 -in client.crt -noout -text -modulus</p><p>2) openssl rsa -in server.key -noout -text -modulus</p><p>3) openssl rsa -pubin -in server.pub -noout -text -modulus<br>Here server.pub is the public key extracted from server.key with openssl rsa -in server.key -pubout -out server.pub; reading a public key requires -pubin. Comparing the -modulus output of a certificate and a key is the quick way to confirm they belong together.</p><p>10. Generate Diffie-Hellman parameters:</p><p>1) openssl dhparam -out dh2048.pem 2048<br>1024-bit DH parameters are weak and are refused by modern TLS clients; use 2048 bits or more.</p><p>11. Edit Apache's configuration file httpd.conf<br>Enable the module: LoadModule ssl_module modules/mod_ssl.so<br>Uncomment the include of the SSL configuration:<br># Secure (SSL/TLS) connections<br>Include conf/extra/httpd-ssl.conf</p><p>12. Edit conf/extra/httpd-ssl.conf</p><p>&nbsp;&lt;VirtualHost *:443&gt;<br>&nbsp;&nbsp;SSLEngine On<br>&nbsp;&nbsp;SSLCertificateFile conf/ssl/server.crt<br>&nbsp;&nbsp;SSLCertificateKeyFile conf/ssl/server.key<br>&nbsp;&nbsp;SSLCertificateChainFile conf/ssl/ca.crt<br>&nbsp;&lt;/VirtualHost&gt;</p><p>If server.key still carries a passphrase, httpd asks for it on every start (and fails under a service manager); either strip it as in step 1 or configure SSLPassPhraseDialog. Since Apache 2.4.8 SSLCertificateChainFile is deprecated: the CA or intermediate certificates can simply be appended to the file named in SSLCertificateFile. Because the CA is self-created, clients will only trust the site once ca.crt has been imported into their trust store.</p><p>Putting it together, the complete sequence for a server certificate signed by a self-created CA, run from the Apache configuration directory:</p><p>cd /usr/local/apache/conf<br>openssl genrsa -des3 -out server.key 2048<br>openssl req -new -key server.key -out server.csr -config /usr/local/ssl/openssl.cnf<br>openssl req -new -x509 -days 3650 -keyout ca.key -out ca.crt -config /usr/local/ssl/openssl.cnf<br>mkdir -p ./demoCA/newcerts<br>touch demoCA/index.txt<br>touch demoCA/serial<br>echo 01 &gt; demoCA/serial<br>openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config /usr/local/ssl/openssl.cnf<br>/usr/local/apache/bin/apachectl start<br>Move server.crt, server.key and ca.crt to the paths httpd-ssl.conf expects (conf/ssl/ in the example above) or adjust those directives, and remember that a server.key created with -des3 makes apachectl prompt for the passphrase at start.</p></div>
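<p>The whole procedure above (CA creation, server and client CSRs, signing with openssl ca, PEM and PKCS#12 bundling) as one non-interactive shell script. This is an added example written for this page, not code from the original note. It supplies its own minimal openssl.cnf so that the demoCA layout, the signing policy and the certificate extensions are explicit instead of inherited from the system file, and it ends with the check the steps above never perform: openssl verify against ca.crt, with -purpose to confirm each certificate is usable for its TLS role. The CA passphrase, PKCS#12 export password, subject names and the DNS names in subjectAltName are placeholders chosen for the example.</p>

```shell
#!/bin/sh
# Added example: non-interactive CA -> CSR -> signed certificate flow with a
# self-contained openssl.cnf, followed by chain and purpose verification.
set -e

CA_PASS='changeit-demo-ca-passphrase'   # placeholder passphrase for ca.key
P12_PASS='demo-p12-export'              # placeholder PKCS#12 export password

# write_demo_config DIR -- writes DIR/demo.cnf: the [ca] section that
# `openssl ca` needs (the demoCA layout the note creates by hand), a loose
# DN policy, and one extension profile per role.
write_demo_config() {
    local d=$1
    cat > "$d/demo.cnf" <<EOF
[ ca ]
default_ca = demo_ca

[ demo_ca ]
dir             = $d/demoCA
new_certs_dir   = $d/demoCA/newcerts
database        = $d/demoCA/index.txt
serial          = $d/demoCA/serial
certificate     = $d/ca.crt
private_key     = $d/ca.key
default_md      = sha256
default_days    = 365
policy          = policy_loose
unique_subject  = no

# The stock openssl.cnf uses policy_match, which rejects a CSR whose
# C/ST/O differ from the CA's; this policy only requires a CN.
[ policy_loose ]
commonName              = supplied
countryName             = optional
stateOrProvinceName     = optional
organizationName        = optional
organizationalUnitName  = optional
emailAddress            = optional

[ req ]
distinguished_name = req_dn
prompt             = no

[ req_dn ]
CN = Demo Root CA

[ ca_ext ]
basicConstraints        = critical, CA:TRUE
keyUsage                = critical, keyCertSign, cRLSign
subjectKeyIdentifier    = hash

[ server_ext ]
basicConstraints        = CA:FALSE
keyUsage                = digitalSignature, keyEncipherment
extendedKeyUsage        = serverAuth
subjectAltName          = DNS:localhost, DNS:www.example.test
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid

[ client_ext ]
basicConstraints        = CA:FALSE
keyUsage                = digitalSignature
extendedKeyUsage        = clientAuth
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid
EOF
}

# build_demo_pki DIR -- creates the CA and issues a server and a client cert.
build_demo_pki() {
    local d=$1
    mkdir -p "$d/demoCA/newcerts"
    : > "$d/demoCA/index.txt"          # empty issued-certificate database
    echo 01 > "$d/demoCA/serial"       # first serial number
    write_demo_config "$d"

    # CA key (AES-256 instead of the legacy -des3) and self-signed CA cert
    openssl genrsa -aes256 -passout "pass:$CA_PASS" -out "$d/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$d/ca.key" -passin "pass:$CA_PASS" \
        -config "$d/demo.cnf" -extensions ca_ext -days 365 \
        -subj "/CN=Demo Root CA" -out "$d/ca.crt"

    # Server key (unencrypted so httpd can start unattended) and CSR
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null
    chmod 600 "$d/server.key"
    openssl req -new -key "$d/server.key" -config "$d/demo.cnf" \
        -subj "/CN=localhost" -out "$d/server.csr"

    # Client key and CSR
    openssl genrsa -out "$d/client.key" 2048 2>/dev/null
    chmod 600 "$d/client.key"
    openssl req -new -key "$d/client.key" -config "$d/demo.cnf" \
        -subj "/CN=demo-client" -out "$d/client.csr"

    # Sign with `openssl ca`, choosing the extension profile per role
    openssl ca -batch -notext -config "$d/demo.cnf" -passin "pass:$CA_PASS" \
        -extensions server_ext -in "$d/server.csr" -out "$d/server.crt"
    openssl ca -batch -notext -config "$d/demo.cnf" -passin "pass:$CA_PASS" \
        -extensions client_ext -in "$d/client.csr" -out "$d/client.crt"

    # Bundles as in steps 6 and 7: PEM (cert + key) and PKCS#12
    cat "$d/server.crt" "$d/server.key" > "$d/server.pem"
    openssl pkcs12 -export -in "$d/client.crt" -inkey "$d/client.key" \
        -passout "pass:$P12_PASS" -out "$d/client.p12"
}

# purpose_check CAFILE CERT PURPOSE -- prints "accepted" or "rejected"
purpose_check() {
    if openssl verify -CAfile "$1" -purpose "$3" "$2" >/dev/null 2>&1; then
        echo accepted
    else
        echo rejected
    fi
}

# verify_demo_pki DIR -- chain builds to ca.crt, each cert fits its TLS role,
# and the server cert carries the SAN that browsers require.
verify_demo_pki() {
    local d=$1
    [ "$(purpose_check "$d/ca.crt" "$d/server.crt" sslserver)" = accepted ] &&
    [ "$(purpose_check "$d/ca.crt" "$d/client.crt" sslclient)" = accepted ] &&
    openssl x509 -in "$d/server.crt" -noout -text | grep -q 'DNS:localhost'
}

# Usage: sh demo_pki.sh /path/to/empty/workdir
if [ "$#" -ge 1 ]; then
    build_demo_pki "$1"
    if verify_demo_pki "$1"; then
        echo "issued and verified: $1/server.crt $1/client.crt"
    else
        echo "verification failed" >&2
        exit 1
    fi
fi
```

<p>The extension sections are the part worth copying. The stock openssl.cnf signs with its usr_cert section, which sets no subjectAltName, and current browsers ignore the Common Name, so a server certificate issued exactly as in step 5 is rejected by them even after ca.crt has been trusted. The -purpose check also shows why the roles are kept apart: the server certificate (extendedKeyUsage serverAuth) fails openssl verify -purpose sslclient, and the client certificate fails -purpose sslserver.</p>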
</div>
<!-- this JS is for other processing -->
<script src="../leanote-html.js"></script>
</body>
</html>