1. Create a private key and a public key: simulate a certificate authority issuing a certificate, starting by generating a key pair
1. Specify a private key length of 1024 bits, save the generated private key to a file, and use parentheses (a subshell) so that the umask change applies only to the subshell
(umask 077;openssl genrsa -out server1024.key 1024)
umask 077: changes the current umask, i.e. the default permissions the system gives to newly created files
openssl genrsa -out server1024.key 1024: generate a key of the specified length with the specified algorithm
(): the parentheses start a subshell in which the commands run, so the global umask of the current shell is not modified; the change takes effect temporarily in the subshell only
[root@web01 test_openssl]# (umask 077;openssl genrsa -out server1024.key 1024)
Generating RSA private key, 1024 bit long modulus
...............++++++
.....................................++++++
e is 65537 (0x10001)
2. Read the private key file, select the asymmetric algorithm rsa, generate the public key and write it to a file
openssl rsa -in server1024.key -pubout -out server1024.key.pub
Have openssl use the rsa algorithm and read server1024.key; -pubout outputs the public key part, which is written to the file server1024.key.pub
[root@web01 test_openssl]# openssl rsa -in server1024.key -pubout -out server1024.key.pub
writing RSA key
3. Generate the certificate
openssl req -new -x509 -key server1024.key -out server.crt -days 365
Parameter explanation
req: create a certificate (request)
-new: new certificate
-x509: output in X.509 certificate format (a self-signed certificate rather than a signing request)
-key: the private key file to use
-out: the output certificate file
-days: validity period of the certificate in days
[root@web01 test_openssl]# openssl req -new -x509 -key server1024.key -out server.crt -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN # country for the certificate
State or Province Name (full name) []:BJ # province
Locality Name (eg, city) [Default City]:BJ # city
Organization Name (eg, company) [Default Company Ltd]:luffycity # organization the certificate is issued to
Organizational Unit Name (eg, section) []:IT # department
# Fill in the server's hostname (domain name). Clients connect to the server by this hostname and obtain the certificate
Common Name (eg, your name or your server's hostname) []:luffycity.cn
Email Address []:601579538@qq.com # e-mail address
[root@web01 test_openssl]# ls
server1024.key.pub # public key file
server1024.key # private key file
server.crt # certificate
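Added example (not from the original post): it runs the three steps above non-interactively in a temporary directory and then checks the results a practitioner would verify, namely the private key's file mode, that the public key embedded in the certificate matches the extracted public key, and the certificate's CN and current validity. It assumes an openssl CLI on PATH; the file names and the DN are constructed here, and it uses a 2048-bit key because 1024-bit RSA is below current minimum recommendations.

```shell
#!/bin/sh
# Added example, not the original post's commands. Assumes openssl on PATH.
set -eu

WORKDIR=$(mktemp -d)               # scratch directory, removed on exit
trap 'rm -rf "$WORKDIR"' EXIT
KEY="$WORKDIR/server.key"          # constructed file names
PUB="$WORKDIR/server.key.pub"
CRT="$WORKDIR/server.crt"

# Step 1: private key. The subshell keeps umask 077 local, so the key
# file is created owner-only and the caller's umask is untouched.
# 2048 bits is used instead of the post's 1024 (too weak today).
(umask 077; openssl genrsa -out "$KEY" 2048 2>/dev/null)

# Step 2: extract the public key (SubjectPublicKeyInfo PEM).
openssl rsa -in "$KEY" -pubout -out "$PUB" 2>/dev/null

# Step 3: self-signed certificate. -subj supplies the DN fields that the
# interactive prompts in the post ask for, with the same values.
openssl req -new -x509 -key "$KEY" -out "$CRT" -days 365 \
  -subj "/C=CN/ST=BJ/L=BJ/O=luffycity/OU=IT/CN=luffycity.cn" 2>/dev/null

# Check 1: umask 077 must have produced mode 600 on the private key.
key_mode() { stat -c '%a' "$KEY" 2>/dev/null || stat -f '%Lp' "$KEY"; }

# Check 2: the public key inside the cert equals the extracted one.
cert_matches_pubkey() {
  if [ "$(openssl x509 -in "$CRT" -noout -pubkey)" = "$(cat "$PUB")" ]
  then echo yes; else echo no; fi
}

# Check 3: the CN clients will compare against the hostname.
cert_cn() {
  openssl x509 -in "$CRT" -noout -subject -nameopt RFC2253 |
    sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Check 4: -checkend 0 succeeds only if the cert is valid right now.
cert_is_valid_now() {
  if openssl x509 -in "$CRT" -noout -checkend 0 >/dev/null
  then echo yes; else echo no; fi
}

echo "key mode: $(key_mode)  pubkey match: $(cert_matches_pubkey)"
echo "CN: $(cert_cn)  valid now: $(cert_is_valid_now)"
```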