具体实现:
iOS端
生成公钥和私钥
- 新建文件夹,用来保存生成的私钥和公钥,打开终端 cd 新建,进入到新建文件夹中,
openssl打开openssl -
genrsa -out rsa_private_key.pem 1024生成私钥 -
pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt这步一定要有,需要将私钥转成PKCS8的格式才能使用,此时复制私钥(先复制私钥,然后在4步取出公钥, 使用这里的私钥和第四部生成的公钥, 不要使用rsa_private_key.pem里面的私钥, 否则会报algid parse error, not a sequence 错误, 就是说没有进行pkcs8 编码) -
rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem生成公钥
writing RSA key
此时在新建文件夹中会出现两个文件
储存公钥和私钥的pem文件
- 生成 .csr 文件
req -new -out cert.csr -key rsa_private_key.pem(创建证书请求)
注意: 这一步一定是私钥, 不能是公钥
[图片上传中...(屏幕快照 2018-05-23 上午12.36.41.png-9c8012-1527007028144-0)]
下面是输出结果:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:CN
State or Province Name (full name) []:ZJ
Locality Name (eg, city) []:HZ
Organization Name (eg, company) []:BeiLian
Organizational Unit Name (eg, section) []:BillionTect
Common Name (eg, fully qualified host name) []:BL
Email Address []:wangtf@xx.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
最终的显示效果
屏幕快照 2018-05-23 上午12.36.41.jpg
- 生成 .der文件
x509 -req -in cert.csr -out rsa_public_key.der -outform der -signkey rsa_private_key.pem -days 3650(自签署根证书)
输出结果:
Signature ok
subject=/C=CN/ST=ZJ/L=HZ/O=BeiLian/OU=BillionTect/CN=BL/emailAddress=wangtf@billiontech.com
Getting Private key
- 退出
OpenSSL> exit
最终生成4个文件
屏幕快照 2018-05-23 上午12.41.39.png
网友评论