openssl

Step 1: Generate the private keys
$ openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.
..........................
e is 65537 (0x10001)
$ openssl genrsa -out client.key 1024
Generating RSA private key, 1024 bit long modulus
...
....................................................
e is 65537 (0x10001)
$ openssl genrsa -out ca.key 1024
Generating RSA private key, 1024 bit long modulus
.............................................................
.........
e is 65537 (0x10001)

Step 2: Create the certificate requests
$ openssl req -new -key server.key -out server.csr -days 1095
$ openssl req -new -key client.key -out client.csr -days 1095
$ openssl req -new -x509 -key ca.key -out ca.crt -days 1095

Step 3: Issue the certificates (sign the request files)
$ openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key
$ openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key
If this step produces an error message:
$ openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key
Using configuration from /usr/share/ssl/openssl.cnf
I am unable to access the ./demoCA/newcerts directory
./demoCA/newcerts: No such file or directory

Create the CA directory structure yourself by hand:
$ mkdir ./demoCA
$ mkdir demoCA/newcerts
Create an empty file:
$ vi demoCA/index.txt
Write 01 into the file:
$ vi demoCA/serial
Merge the certificate file (crt) and the private key file (key):
$ cat client.crt client.key > client.pem
$ cat server.crt server.key > server.pem
Merge into a pfx certificate:
$ openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
Enter Export Password:
Verifying - Enter Export Password:
$ openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12
Enter Export Password:
Verifying - Enter Export Password:
Convert the certificates to text:
$ openssl pkcs12 -in client.p12 -out client.txt
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
$ openssl pkcs12 -in server.p12 -out server.txt
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
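
Steps 1 to 3 and the demoCA directory fix as one non-interactive run, followed by a check that each issued certificate chains to the CA and matches its private key. This is an added example, not part of the original page. Assumptions: 2048-bit keys (1024-bit RSA is below the currently recommended minimum), constructed subject names, and a private ca.cnf in place of the system openssl.cnf.

```sh
# Added example: the page's three steps without prompts, in a scratch directory.
# Assumed (not from the page): 2048-bit keys, subject names, the ca.cnf contents.
umask 077                            # new key files readable by the owner only

make_ca() {                          # $1 = empty working directory
  cd "$1" && mkdir -p demoCA/newcerts || return 1
  : > demoCA/index.txt               # empty certificate database
  echo 01 > demoCA/serial            # next serial number to hand out
  cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
new_certs_dir = ./demoCA/newcerts
database = ./demoCA/index.txt
serial = ./demoCA/serial
default_md = sha256
policy = policy_cn
[ policy_cn ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  openssl genrsa -out ca.key 2048 2>/dev/null &&
  openssl req -new -x509 -config ca.cnf -key ca.key -out ca.crt \
    -days 1095 -subj "/CN=Constructed Test CA"
}
issue_cert() {                       # $1 = server or client
  openssl genrsa -out "$1.key" 2048 2>/dev/null &&
  openssl req -new -config ca.cnf -key "$1.key" -out "$1.csr" \
    -subj "/CN=$1.example.test" &&
  openssl ca -batch -config ca.cnf -days 1095 -in "$1.csr" -out "$1.crt" \
    -cert ca.crt -keyfile ca.key 2>/dev/null
}
chain_ok() {                         # does $1.crt verify against ca.crt?
  openssl verify -CAfile ca.crt "$1.crt" >/dev/null 2>&1
}
key_matches() {                      # same public key in $1.key and $1.crt?
  pub=$(openssl pkey -in "$1.key" -pubout) &&
  [ "$pub" = "$(openssl x509 -in "$1.crt" -noout -pubkey)" ]
}

# Constructed run: build the CA, issue both certificates, verify them.
make_ca "$(mktemp -d)" && issue_cert server && issue_cert client &&
  chain_ok server && key_matches client && echo "issued and verified in $PWD"
```

Running key_matches before the cat or pkcs12 step catches a certificate bundled with the wrong private key.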
