一 生成服务器端的私钥server.key
[root@localhost opensscommand]# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
..................++++++
..................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
二 生成服务器端证书请求server.csr
[root@localhost opensscommand]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:sanxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]:Family Network
Organizational Unit Name (eg, section) []:Home
Common Name (eg, your name or your server's hostname) []:cakin24
Email Address []:cakin24@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
生成过程中需要输入以下信息:
Country Name: cn 两个字母的国家代号
State or Province Name: sanxi 省份名称
Locality Name: xian 城市名称
Organization Name: Family Network 公司名称
Organizational Unit Name: Home 部门名称
Common Name: cakin24 你的姓名
Email Address: cakin24@qq.com Email地址
三 生成客户端的的私钥client.key
[root@localhost opensscommand]# openssl genrsa -des3 -out client.key 1024
Generating RSA private key, 1024 bit long modulus
..................................................................................................++++++
.................++++++
e is 65537 (0x10001)
Enter pass phrase for client.key:
Verifying - Enter pass phrase for client.key:
四 生成客户端证书请求client.csr
[root@localhost opensscommand]# openssl req -new -key client.key -out client.csr
Enter pass phrase for client.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:sanxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]:Family Network
Organizational Unit Name (eg, section) []:Home
Common Name (eg, your name or your server's hostname) []:cakin24
Email Address []:cakin24@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
五 生成自签名根证书ca.crt
[root@localhost opensscommand]# openssl req -new -x509 -keyout ca.key -out ca.crt
Generating a 2048 bit RSA private key
.................................+++
............+++
writing new private key to 'ca.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:sanxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]:Family Network
Organizational Unit Name (eg, section) []:Home
Common Name (eg, your name or your server's hostname) []:cakin24
Email Address []:cakin24@qq.com
六 用ca.crt给server.csr,client.csr文件签名
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cnf
openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnf
七 证书使用方法
client使用的文件有:ca.crt,client.crt,client.key
server使用的文件有:ca.crt,server.crt,server.key
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
