Generating a Self-Signed Certificate with the OpenSSL Tool

Author: 87d6dc4b11a7 | Published: 2022-05-14 12:10

    OpenSSL is a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication.

    Generate a self-signed certificate with the OpenSSL tool:

    # Generate the CA private key
    openssl genrsa -out ca.key 2048
    # Generate the CSR
    openssl req -new -key ca.key -out ca.csr
    # Generate the self-signed certificate (CA root certificate)
    openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
    

    The full run looks like this:

    [root@localhost ~]# mkdir ssl
    [root@localhost ~]# cd ssl/
    [root@localhost ssl]#
    [root@localhost ssl]# openssl genrsa -out ca.key 2048
    Generating RSA private key, 2048 bit long modulus (2 primes)
    .....................................................................+++++
    .......................................................................................................................................................................................................................................................+++++
    e is 65537 (0x010001)
    [root@localhost ssl]#
    [root@localhost ssl]# ll
    总用量 4
    -rw------- 1 root root 1675 5月  14 12:01 ca.key
    [root@localhost ssl]#
    [root@localhost ssl]# openssl req -new -key ca.key -out ca.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:Shanghai
    Locality Name (eg, city) [Default City]:Shanghai
    Organization Name (eg, company) [Default Company Ltd]:DevOps
    Organizational Unit Name (eg, section) []:DevOps
    Common Name (eg, your name or your server's hostname) []:DevOps
    Email Address []:devops@devops.com
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:devops
    An optional company name []:devops
    [root@localhost ssl]#
    [root@localhost ssl]# ll
    总用量 8
    -rw-r--r-- 1 root root 1110 5月  14 12:04 ca.csr
    -rw------- 1 root root 1675 5月  14 12:01 ca.key
    [root@localhost ssl]#
    [root@localhost ssl]# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
    Signature ok
    subject=C = CN, ST = Shanghai, L = Shanghai, O = DevOps, OU = DevOps, CN = DevOps, emailAddress = devops@devops.com
    Getting Private key
    [root@localhost ssl]#
    [root@localhost ssl]# ll
    总用量 12
    -rw-r--r-- 1 root root 1310 5月  14 12:06 ca.crt
    -rw-r--r-- 1 root root 1110 5月  14 12:04 ca.csr
    -rw------- 1 root root 1675 5月  14 12:01 ca.key
    [root@localhost ssl]#
    

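    If the HTTPS service is accessed by IP address, enter the IP address (for example 127.0.0.1) in the part marked with the red box; if it is accessed by domain name, set it to the domain name.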
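Putting the address in a Distinguished Name field alone is not enough for clients that match on subjectAltName: OpenSSL's own IP check only consults iPAddress SAN entries, and current browsers ignore the Common Name. The script below is an added example, not part of the original article; it repeats the three steps above non-interactively and compares a CN-only certificate with one that carries a SAN. The function names and `san.ext` are made up for this sketch, and OpenSSL 1.1.1 or later is assumed.

```bash
#!/usr/bin/env bash
# Added example (constructed): contrast a CN-only certificate with one that
# carries a subjectAltName. File names follow the page; function names and
# san.ext are made up for this sketch. Requires OpenSSL 1.1.1 or later.

# Crude classification: a colon or digits-and-dots only -> IP, otherwise DNS.
host_kind() {
    case $1 in
        *:*)       echo IP ;;
        *[!0-9.]*) echo DNS ;;
        *)         echo IP ;;
    esac
}

# make_cert HOST DIR [san]: the page's three steps, non-interactive.
# With "san", HOST is also written into subjectAltName via an extension file.
make_cert() {
    host=$1 dir=$2 mode=${3:-}
    mkdir -p "$dir" || return 1
    # umask keeps the private key unreadable for other users
    ( umask 077; openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/ca.key" -subj "/CN=$host" -out "$dir/ca.csr" || return 1
    if [ "$mode" = san ]; then
        printf 'subjectAltName=%s:%s\n' "$(host_kind "$host")" "$host" > "$dir/san.ext"
        openssl x509 -req -days 365 -sha256 -in "$dir/ca.csr" -signkey "$dir/ca.key" \
            -extfile "$dir/san.ext" -out "$dir/ca.crt" 2>/dev/null
    else
        openssl x509 -req -days 365 -sha256 -in "$dir/ca.csr" -signkey "$dir/ca.key" \
            -out "$dir/ca.crt" 2>/dev/null
    fi
}

# cert_matches CERT HOST: succeeds only if OpenSSL's name check accepts HOST.
cert_matches() {
    if [ "$(host_kind "$2")" = IP ]; then opt=-checkip; else opt=-checkhost; fi
    out=$(openssl x509 -in "$1" -noout "$opt" "$2") || return 1
    case $out in
        *"does match certificate"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage:
#   make_cert 127.0.0.1 ./cn-only      && cert_matches ./cn-only/ca.crt 127.0.0.1   # fails
#   make_cert 127.0.0.1 ./with-san san && cert_matches ./with-san/ca.crt 127.0.0.1  # succeeds
```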
