生成自签名SSL证书

作者: 二三10111 | 来源:发表于2017-09-20 14:00 被阅读0次

下载执行文件

本文操作平台windows，安装 TortoiseGit后，在其 git bash中执行 openssl。

0x1 ca 根证书,生成 `ca.crt`

openssl genrsa -out ca.pem 2048
openssl ecparam -genkey -name secp384r1 -out ca.pem
openssl req -config conf/ca.cnf -newkey rsa:2048 -x509 -days 3650 -key ca.pem -out ca.crt

conf/ca.cnf

[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
prompt = no
[req_distinguished_name]   
countryName            = CN
stateOrProvinceName    = Beijing                  
localityName           = Beijing                  
postalCode             = 100022                   
streetAddress          = GuoMaoSanQi              
organizationName       = apfelboymschule          
organizationalUnitName = Support_CA               
emailAddress           = http.bj@qq.com  
0.commonName           = localhost 
[ v3_req ]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth

0x2 server 服务端生成 `server.key`,`server.crt` (添加了extfile.cnf)

openssl genrsa -out server.key 2048
openssl ecparam -genkey -name secp384r1 -out server.key
openssl req -config conf/server.cnf -new -key server.key -out server_reqout.txt 
openssl x509 -req -in server_reqout.txt -days 3650 -sha1 -CAcreateserial -CA ca.crt -CAkey ca.pem -out server.crt -extfile conf/extfile.cnf

conf/extfile.cnf

subjectAltName = @alt_names
[alt_names]
IP.1 = 127.0.0.1
IP.2 = 192.168.10.51
DNS.1 = localhost

conf/server.cnf

[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
prompt = no

[req_distinguished_name]
countryName            = CN                             
stateOrProvinceName    = Beijing                       
localityName           = Beijing                        
postalCode             = 100022                        
streetAddress          = GuoMaoSanQi                  
organizationName       = apfelboymschule               
organizationalUnitName = Support_Server                  
emailAddress           = http.bj@qq.com  
0.commonName           = localhost 

[ v3_req ]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth

0x3 client 客户端生成 `client.key`,`client.crt`

openssl genrsa -out client.key 2048
openssl ecparam -genkey -name secp384r1 -out client.key
openssl req -config conf/client.cnf -new -key client.key -out client_reqout.txt 
openssl x509 -req -in client_reqout.txt -days 3650 -sha1 -CAcreateserial -CA ca.crt -CAkey ca.pem -out client.crt

conf/client.cnf

[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
prompt = no

[req_distinguished_name]
countryName            = CN                             
stateOrProvinceName    = Beijing                       
localityName           = Beijing                        
postalCode             = 100022                        
streetAddress          = GuoMaoSanQi                  
organizationName       = apfelboymschule               
organizationalUnitName = `"Support_Client"'                  
emailAddress           = http.bj@qq.com  
0.commonName           = localhost 

[ v3_req ]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = clientAuth

以上ca.cnf,client.cnf,server.cnf 中的内容可以为同一个。在本示例中只是修改了 organizationalUnitName

网友评论

本文标题：生成自签名SSL证书

本文链接：https://www.haomeiwen.com/subject/jbcosxtx.html

延伸阅读

深度阅读

您也可以注册成为美文阅读网的作者，发表您的原创作品、分享您的心情！

生成自签名SSL证书

下载执行文件

0x1 ca 根证书,生成 `ca.crt`

conf/ca.cnf

0x2 server 服务端生成 `server.key`,`server.crt` (添加了extfile.cnf)

conf/extfile.cnf

conf/server.cnf

0x3 client 客户端生成 `client.key`,`client.crt`

conf/client.cnf

相关文章

网友评论

延伸阅读

深度阅读

栏目导航

热点阅读

生成自签名SSL证书

下载执行文件

0x1 ca 根证书,生成 ca.crt

conf/ca.cnf

0x2 server 服务端生成 server.key,server.crt (添加了extfile.cnf)

conf/extfile.cnf

conf/server.cnf

0x3 client 客户端生成 client.key,client.crt

conf/client.cnf

相关文章

网友评论

延伸阅读

深度阅读

栏目导航

热点阅读

0x1 ca 根证书,生成 `ca.crt`

0x2 server 服务端生成 `server.key`,`server.crt` (添加了extfile.cnf)

0x3 client 客户端生成 `client.key`,`client.crt`