OpenSSL:构建安全网络通信的基石

最新推荐文章于 2025-06-22 18:53:17 发布
最新推荐文章于 2025-06-22 18:53:17 发布
阅读量823 收藏 4
点赞数 3
CC 4.0 BY-SA版权
文章标签: 安全 linux ansible zabbix nginx centos
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/weixin_43663196/article/details/143109863

引言

在互联网蓬勃发展的今天,信息安全成为了企业和个人都极为关注的问题。无论是个人隐私保护还是商业数据安全传输,加密技术都扮演着至关重要的角色。OpenSSL作为一款强大的加密工具包,为实现安全的数据交换提供了坚实的基础。本文将探讨OpenSSL的基本概念、功能特性以及如何使用它来加强网络通信的安全性。

什么是OpenSSL?
OpenSSL是一个开源软件库,提供多种密码算法、商用级的加密工具以及SSL/TLS协议的支持。它最初由Eric Young和Tim Hudson于1998年创建,现已成为广泛使用的安全套件之一。OpenSSL支持多种加密算法,包括但不限于RSA、AES、DES等,并且能够用于创建数字证书和密钥对,管理X.509证书,以及进行SSL/TLS连接测试。

主要功能

  • 加密算法:OpenSSL支持大量的对称和非对称加密算法,允许开发者根据需要选择最适合的加密方式。

  • SSL/TLS协议支持:OpenSSL能够帮助开发人员为他们的应用程序添加安全层,确保数据在网络中的传输是加密的,并且接收方是可信的。

  • 证书管理:OpenSSL提供了创建和管理数字证书的功能,这对于身份验证和建立信任关系至关重要。

  • 随机数生成器:一个高质量的随机数生成器对于加密操作来说是非常必要的,OpenSSL内置了一个随机数生成器来满足这一需求。

如何使用OpenSSL

安装OpenSSL
对于Linux系统,可以通过包管理器如apt或yum来安装OpenSSL:

sudo apt-get install openssl

对于Windows系统,可以下载预编译的二进制文件或者通过Chocolatey等工具安装。
创建和管理证书
使用OpenSSL可以轻松地生成私钥和公钥证书:

openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365 -subj "/C=CN/ST=Beijing/L=Beijing/O=Example Inc/CN=www.example.com"

上述命令会生成一个有效期为一年(365天)的自签名证书cert.pem以及对应的私钥key.pem。

测试SSL/TLS连接
OpenSSL还提供了一种简单的方法来测试服务器上的SSL/TLS配置是否正确

openssl s_client -connect www.example.com:443 -servername www.example.com

这将尝试与指定的服务器建立SSL/TLS连接,并显示连接信息和任何错误消息

下面我以rocky实现openssl私有证书和证书申请

[root@Rocky ~]#mkdir -pv /etc/pki/CA/{certs,crl,newcerts,private}
mkdir: created directory '/etc/pki/CA'
mkdir: created directory '/etc/pki/CA/certs'
mkdir: created directory '/etc/pki/CA/crl'
mkdir: created directory '/etc/pki/CA/newcerts'
mkdir: created directory '/etc/pki/CA/private'
[root@Rocky ~]#tree /etc/pki/CA/
/etc/pki/CA/
├── certs
├── crl
├── newcerts
└── private

4 directories, 0 files
[root@Rocky ~]#touch /etc/pki/CA/index.txt
[root@Rocky ~]#echo 01 >/etc/pki/CA/serial
[root@Rocky CA]#(umask 066; openssl genrsa -out private/cakey.pem 2048)
[root@Rocky CA]#tree
.
├── certs
├── crl
├── newcerts
└── private
    └── cakey.pem

4 directories, 1 file
[root@Rocky CA]#ll private/cakey.pem 
-rw-------. 1 root root 1704 Oct 13 21:20 private/cakey.pem
[root@Rocky CA]#cat private/cakey.pem
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDFVfd7JB6Xt2OV
GtOfqX3fAZPyAgVZvnKlM2xIG8ZkJgaWu8Sm1JEJEv2TZsw/TMoTEPYrvbH8d0jM
ydDkKYVenW8bwCcrnd3C+DF8jwyUWHtL1E9GoD1lLkgQSSOAPa2RI5Yz6DQ8rNTS
F1Z7UQupoXVUNjrE8o+0wMm0Qs/oX6OeHjYuaeol3zp3a8RJgghL93W2NZVQM0lE
ffpFWX+xzBH3it7xuJ109Yh4WtuLA0YbYJyDzZ7xxaWqpvf/mE47K6m9Yfe/3mHD
8hpuP2o2quWyMlIGMJ1suzqkIPuhhur0a0M1uStCtJcBut6vWb24lNcU4Zmb1kJX
74ycya0rAgMBAAECggEAFVoXv5lpEqseBCMAH/KpHclKwUZVCYtbq01fm4PJ2R9A
2kFx5fKdHi68WkfRX3ixwBNh7NoHLqqXfspy0aU+eujXqK3cxHw947E9kDKIPsA+
LbZzZ3sXeYxi8W7V1QlCGltlOV5C0gffX+Yfjj324EFfSR/fBwgPOD8d9A/AoENm
61fWx6nudPJP9UVrVgsWNemqVf70nOPy9okq7TH6Iyu80x9rUf7iFcjZAcTH/35h
USPoMjS6eqBeLfPaqNyjt+9Yu0HFVKzwHHAda7nLjxYvZNGsjFneiKtg5h9W+CsN
LiCJvACGkCidjeUPQa4rsDRcVGv8HefRGNq/msghkQKBgQDpj/dl0BMJMmVHV4Lt
HVdYRUWRTH/i9wGi12bWX4FqZFVYIlWjqWINhVRHg+ffRNKoW6U+UIc18s/1Bx8V
zkXgn09+sBpvkJ7lrlr8an2iSzKd71ILXLDEG19a8QuEw/ff6RXA7H9xL+ZSMvAt
3uCck5AlJHsOzOeeLmUMG4ll0QKBgQDYSxM/pojEK7Zf5pXNw3OrTYxO0MfEdvsz
4ifw0csWN8PyV6UeD8pLP1NqOG3wj7n+jDaeFuPgi2GONfAumu5xXd8wS3tXEhxP
zfs4FeVj+9hQ/bBHNvood+mDvlzmPM+oZzdC1i3xhjuo8LRsOzopXj/EfCMcFW8v
iXlAyPtWOwKBgQCFpaC+PKM35wN3IEdF4T1CwFi/fNPNDuR7xuAMmRfXxlPjm7n/
bYQzEnEYfw0mgB4+wjo6/x9vqmJ+5jVOZ/sqPl7hsmleH5Yc/XkI6PK89GShZPlA
kSiA/tzAkB+0N+LV2G1fOLTwEqWrsYQn61oBnpqj9k0IOg3rQMcHd5ZWkQKBgChp
lpYc8o7cr/2pIrJIY5NNMPsE7V5a8MKX7eiD+lMTZkwgbhx4zM5Ubax6EKiS4iia
YBYXpsosoLSmhVLf5c9Ov8XRRKFXI+0RSnAHP034H0m6rLYRopnvFbVk2wy1rgME
DgIx7HGlJ/5/wuY6Brr1/iojG5hCtPyHzhz5sGRDAoGBALBiqSAbUW4bkJGDUkII
h4itbSX+ZPkmcvfEH2Jhqv/tWALI3nbdCijukg0Bi5MWdfHIddHkfJiqfpelsttT
vaB9iODCb/6WhN4x9nwyLhLpXLNDI8VTS8fbsnWYOHHBiFX4hykYnJVCGIjbvUCv
m6qH2d4TveFKsZKJerzZ50Bf
-----END PRIVATE KEY-----
[root@Rocky CA]#openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 3650 -out /etc/pki/CA/cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:sichuang
Locality Name (eg, city) [Default City]:chengdu
Organization Name (eg, company) [Default Company Ltd]:caige
Organizational Unit Name (eg, section) []:devops
Common Name (eg, your name or your server's hostname) []:caoge.cn
Email Address []:admin@caoge.cn
[root@Rocky CA]#tree
.
├── cacert.pem
├── certs
├── crl
├── newcerts
└── private
    └── cakey.pem

4 directories, 2 files
[root@Rocky CA]#openssl x509 -in cacert.pem -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:28:e7:96:ff:d1:39:ba:3f:50:ee:6b:66:a7:c7:12:45:c4:5d:1a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = CN, ST = sichuang, L = chengdu, O = caige, OU = devops, CN = caoge.cn, emailAddress = admin@caoge.cn
        Validity
            Not Before: Oct 13 13:30:28 2024 GMT
            Not After : Oct 11 13:30:28 2034 GMT
        Subject: C = CN, ST = sichuang, L = chengdu, O = caige, OU = devops, CN = caoge.cn, emailAddress = admin@caoge.cn
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c5:55:f7:7b:24:1e:97:b7:63:95:1a:d3:9f:a9:
                    7d:df:01:93:f2:02:05:59:be:72:a5:33:6c:48:1b:
                    c6:64:26:06:96:bb:c4:a6:d4:91:09:12:fd:93:66:
                    cc:3f:4c:ca:13:10:f6:2b:bd:b1:fc:77:48:cc:c9:
                    d0:e4:29:85:5e:9d:6f:1b:c0:27:2b:9d:dd:c2:f8:
                    31:7c:8f:0c:94:58:7b:4b:d4:4f:46:a0:3d:65:2e:
                    48:10:49:23:80:3d:ad:91:23:96:33:e8:34:3c:ac:
                    d4:d2:17:56:7b:51:0b:a9:a1:75:54:36:3a:c4:f2:
                    8f:b4:c0:c9:b4:42:cf:e8:5f:a3:9e:1e:36:2e:69:
                    ea:25:df:3a:77:6b:c4:49:82:08:4b:f7:75:b6:35:
                    95:50:33:49:44:7d:fa:45:59:7f:b1:cc:11:f7:8a:
                    de:f1:b8:9d:74:f5:88:78:5a:db:8b:03:46:1b:60:
                    9c:83:cd:9e:f1:c5:a5:aa:a6:f7:ff:98:4e:3b:2b:
                    a9:bd:61:f7:bf:de:61:c3:f2:1a:6e:3f:6a:36:aa:
                    e5:b2:32:52:06:30:9d:6c:bb:3a:a4:20:fb:a1:86:
                    ea:f4:6b:43:35:b9:2b:42:b4:97:01:ba:de:af:59:
                    bd:b8:94:d7:14:e1:99:9b:d6:42:57:ef:8c:9c:c9:
                    ad:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                DB:3D:A0:56:D1:02:98:08:30:57:A1:22:EA:EE:AF:6F:53:F3:48:A6
            X509v3 Authority Key Identifier: 
                DB:3D:A0:56:D1:02:98:08:30:57:A1:22:EA:EE:AF:6F:53:F3:48:A6
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        af:0d:99:46:17:62:63:f9:f1:18:c3:00:2f:18:e0:25:4f:c4:
        f6:6c:c6:dc:62:2d:1d:9e:62:9c:67:ef:83:bd:ad:65:f5:c3:
        a4:41:da:aa:3b:43:5b:bf:29:72:eb:95:9d:55:d2:cb:87:5b:
        a6:8a:67:4f:8e:d9:97:ba:1e:7b:28:6a:f7:89:b5:d3:7e:ac:
        ea:69:9d:95:b8:71:5c:19:7d:58:f1:e5:34:13:1f:ca:fa:38:
        5c:39:37:f3:4c:9f:f8:d5:ba:22:52:53:8b:fa:e3:7b:99:d0:
        ee:74:f8:90:a7:8d:6f:1c:7d:20:bb:c5:8b:59:f3:18:56:99:
        5c:6a:9d:f0:e2:52:df:5b:05:96:b4:d1:19:ec:fb:62:aa:46:
        43:65:51:7f:57:1d:07:7e:1a:87:9c:fb:c8:e9:a3:90:42:f1:
        92:71:6d:aa:0c:a7:29:7c:47:e7:e7:cf:dd:d0:fe:ad:fa:2f:
        1a:ed:18:cf:53:cf:f6:3f:d6:66:56:dc:89:73:e5:d3:5f:2a:
        a3:a5:c7:09:6c:1e:e9:0a:56:5d:4a:a0:b2:ab:1c:a2:9f:e2:
        62:78:7c:03:45:63:cf:34:a9:ce:49:8c:e9:39:de:cd:27:c2:
        92:d6:7c:e0:04:98:6e:02:77:97:ce:86:b0:5f:4d:f7:5d:13:
        e1:33:41:7b
[root@Rocky CA]#mkdir /data/app1
[root@Rocky CA]#cd /data/app1/
[root@Rocky app1]#ls
[root@Rocky app1]#(umask 066;openssl genrsa -out /data/app1/app1.key 2048)
[root@Rocky app1]#cat app1.key 
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDKjvpn0sI/um+P
mHiEuMIoniHvlxzed6zhCTPt+b5sLC+6PZ+e11dTxmvXK8skvJ8s1pwlP0baj/rh
HxVShIo3Jr3Z11MCtH6PItpRuCjIRHjS+k6J82xtDNj/to+1Vp0ZjzLaxt0cUmUG
aXDFsf9CnvW+5aOino+j6iaL+SPtZP46QmvVzmQRsRA128AJyxrw4JG6972hAejQ
So9A7QnyGQoZxS3pbEIuUjqg3/Fj4TXlrh1VlYY1u18ynlPEgO5XVBmyOIfBUT3/
uouHYwTPbp59asrdhq8s9p2JAPKGsukAhkX+GdAlyvhQ0ijWUny7jfZCdL+NkqGQ
CMUmnYNzAgMBAAECggEAGe2Do6mIgB7Nq+xLikrvXhf2ZmmJ4kzK/hfZo/24AGGx
jvMst5N/Pp54lwIojnXEduQA+GA+og2/AnT3m5M9RpejbTsmNC5Fau3+UxUxxzIY
jdeeGQNl3sQ/vI+yRSHRRIBzdSnyYJndYPI7OLBdk7oENnYaOYp2qXfN4lSMOD/f
C5i5sEhOGWIn2DAt4cUvhIhUNOjMlblPhbH7NzitT31TldoKEnFM1n5Xx8cVFau1
2IWOf29s3OKbEgWM9IEpbMOYY78EyizwCJt2lDDo0y0L7fd0Zzd+CrkQssySkD+T
cNVKH5vNeHGr2sxv2S6luJsggJu+sMa5nNWtQvtuxQKBgQDmqQCeqW4a56qvcNW2
qlv7o2bbjIg1UdESqF6qmjncQLOW/EPngfpsDO8GKvVwdIQuw1+iaSIb2Qfid9HY
+GuIPZxdjap41ovOusWmD3C+J7rGME3JW+iFmt0cvROMvqZrfAij/HrWzkQ6VD0h
t5+y6+L5zDMLe05N5ICKMBGI1QKBgQDgz6fSCRLRSeBrGrQoc1gdMLkg2wnMyHzm
+HKLxmzkb/6kOf5gLl3yO4O3njJ/M/3drhoKpxlJCdv4FGHQa6MLZZEGWq3e8vAM
zPMXFtPA8C8JsTOeINuCKMxb8QrujDoCrNOuZjTcFtJG+jAW0n47MttrBaW5Hwkg
se/aJNB/JwKBgQC4mK5vTAdbLuZx66qNur9MnxP1Rv3HNkhNV0QT4sPFml5fyloJ
0AL7MEqmtACjVAxpZGCIGP18Le/adawSqZVdfnlCgdrZRFK1StJdOOQwupkGfafz
K0PmkO6+Ti90JywGv0gm/SvN91uxFrOp5UvApHmNErgTS0Z6nhGlBh0yVQKBgQCl
ACRXZyt1irh5Q9c43Tet7QXjlICD2h66U12XM2LW41BNbvdB1qZDVOUfDrBXZmyM
mO0qJmzLi730Pdlw5J99jOU9ea6ltT701jQRHUL8GA0eGv4csFcMGC+tx6PTY/5r
2jdfiEqBwwpA5/4FsibOAkzDJxj0X1AOvCqjvGN+/wKBgFsKFu5zDiXXHwngATjN
oToFOlNZUz0egDQlK+U8uIdvGOdTJPShLybKy2XX/v5wUFCn2xnPCXEVmZ+x3dNT
IYk3fhWU0h8zeWKon/DLvd6HLnZULZQKL7gZ8rSxtP2i8XmU7Ku/q+gcShLOWyF4
nSqTIsYTzxw0kRvQS2vCLipR
-----END PRIVATE KEY-----
[root@Rocky ~]#cd
[root@Rocky ~]#openssl req -new -key /data/app1/app1.key -out /data/app1/app1.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:sichuang
Locality Name (eg, city) [Default City]:yb
Organization Name (eg, company) [Default Company Ltd]:caige
Organizational Unit Name (eg, section) []:it
Common Name (eg, your name or your server's hostname) []:app1.caige.cn
Email Address []:admin@caige

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@Rocky ~]#openssl ca -in /data/app1/app1.csr -out /etc/pki/CA/certs/app1.crt -days 1000
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Oct 13 14:29:51 2024 GMT
            Not After : Jul 10 14:29:51 2027 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = sichuang
            organizationName          = caige
            organizationalUnitName    = it
            commonName                = app1.caige.cn
            emailAddress              = admin@caige
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                AD:CE:2E:DE:8C:0F:89:8E:B2:3B:0D:83:36:FE:BF:20:10:A4:AF:5A
            X509v3 Authority Key Identifier: 
                DB:3D:A0:56:D1:02:98:08:30:57:A1:22:EA:EE:AF:6F:53:F3:48:A6
Certificate is to be certified until Jul 10 14:29:51 2027 GMT (1000 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@Rocky ~]#tree /etc/pki/CA/
/etc/pki/CA/
├── cacert.pem
├── certs
│   └── app1.crt
├── crl
├── index.txt
├── index.txt.attr
├── index.txt.old
├── newcerts
│   └── 01.pem
├── private
│   └── cakey.pem
├── serial
└── serial.old

4 directories, 9 files
[root@Rocky ~]#cat /etc/pki/CA/certs/app1.crt 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=sichuang, L=chengdu, O=caige, OU=devops, CN=caoge.cn/emailAddress=admin@caoge.cn
        Validity
            Not Before: Oct 13 14:29:51 2024 GMT
            Not After : Jul 10 14:29:51 2027 GMT
        Subject: C=CN, ST=sichuang, O=caige, OU=it, CN=app1.caige.cn/emailAddress=admin@caige
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ca:8e:fa:67:d2:c2:3f:ba:6f:8f:98:78:84:b8:
                    c2:28:9e:21:ef:97:1c:de:77:ac:e1:09:33:ed:f9:
                    be:6c:2c:2f:ba:3d:9f:9e:d7:57:53:c6:6b:d7:2b:
                    cb:24:bc:9f:2c:d6:9c:25:3f:46:da:8f:fa:e1:1f:
                    15:52:84:8a:37:26:bd:d9:d7:53:02:b4:7e:8f:22:
                    da:51:b8:28:c8:44:78:d2:fa:4e:89:f3:6c:6d:0c:
                    d8:ff:b6:8f:b5:56:9d:19:8f:32:da:c6:dd:1c:52:
                    65:06:69:70:c5:b1:ff:42:9e:f5:be:e5:a3:a2:9e:
                    8f:a3:ea:26:8b:f9:23:ed:64:fe:3a:42:6b:d5:ce:
                    64:11:b1:10:35:db:c0:09:cb:1a:f0:e0:91:ba:f7:
                    bd:a1:01:e8:d0:4a:8f:40:ed:09:f2:19:0a:19:c5:
                    2d:e9:6c:42:2e:52:3a:a0:df:f1:63:e1:35:e5:ae:
                    1d:55:95:86:35:bb:5f:32:9e:53:c4:80:ee:57:54:
                    19:b2:38:87:c1:51:3d:ff:ba:8b:87:63:04:cf:6e:
                    9e:7d:6a:ca:dd:86:af:2c:f6:9d:89:00:f2:86:b2:
                    e9:00:86:45:fe:19:d0:25:ca:f8:50:d2:28:d6:52:
                    7c:bb:8d:f6:42:74:bf:8d:92:a1:90:08:c5:26:9d:
                    83:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Subject Key Identifier: 
                AD:CE:2E:DE:8C:0F:89:8E:B2:3B:0D:83:36:FE:BF:20:10:A4:AF:5A
            X509v3 Authority Key Identifier: 
                DB:3D:A0:56:D1:02:98:08:30:57:A1:22:EA:EE:AF:6F:53:F3:48:A6
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        66:a0:d6:f4:cd:2e:ee:09:92:38:03:61:8a:d9:7e:4e:78:aa:
        3c:ca:d0:93:39:cd:97:ee:8e:9e:f4:0e:eb:0c:cf:17:e3:d8:
        e5:41:1c:ca:5b:fe:21:68:97:f7:f1:f0:5f:18:77:31:1d:27:
        12:ef:cf:59:c5:1d:a7:46:0b:c3:8b:10:69:54:37:90:9f:f1:
        a9:a7:56:10:c9:0a:96:95:7f:62:40:e7:aa:a9:2c:86:6e:6a:
        32:8f:56:27:2b:19:7b:f3:9c:c8:ba:a5:0a:a5:07:71:fc:0a:
        a5:c6:2e:2b:ee:b1:2c:6a:77:69:a1:25:aa:5c:b3:3e:d0:90:
        d0:e1:b0:d0:4c:c5:8f:2b:b2:c9:63:85:b1:fb:ea:3c:cc:f4:
        5a:f6:32:1d:fd:dd:21:bd:e8:f6:dd:79:3a:ae:e7:75:b9:55:
        02:fc:28:d3:63:62:a6:40:ba:49:08:54:69:39:6f:80:21:ef:
        b6:5d:5e:2c:56:08:dd:99:ab:bc:e8:45:86:c2:f8:37:b5:3c:
        86:8e:db:d9:57:d6:43:01:f4:16:b4:7b:5d:4a:6d:17:eb:f2:
        de:e1:4c:4a:30:cb:54:83:ab:7c:f7:d1:c0:f5:60:34:62:dc:
        30:58:c1:c4:89:c6:8b:f5:f8:04:97:23:36:27:30:3e:f2:86:
        e9:a7:4a:41
-----BEGIN CERTIFICATE-----
MIIDvzCCAqegAwIBAgIBATANBgkqhkiG9w0BAQsFADCBhTELMAkGA1UEBhMCQ04x
ETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQ4wDAYDVQQKDAVj
YWlnZTEPMA0GA1UECwwGZGV2b3BzMREwDwYDVQQDDAhjYW9nZS5jbjEdMBsGCSqG
SIb3DQEJARYOYWRtaW5AY2FvZ2UuY24wHhcNMjQxMDEzMTQyOTUxWhcNMjcwNzEw
MTQyOTUxWjBxMQswCQYDVQQGEwJDTjERMA8GA1UECAwIc2ljaHVhbmcxDjAMBgNV
BAoMBWNhaWdlMQswCQYDVQQLDAJpdDEWMBQGA1UEAwwNYXBwMS5jYWlnZS5jbjEa
MBgGCSqGSIb3DQEJARYLYWRtaW5AY2FpZ2UwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDKjvpn0sI/um+PmHiEuMIoniHvlxzed6zhCTPt+b5sLC+6PZ+e
11dTxmvXK8skvJ8s1pwlP0baj/rhHxVShIo3Jr3Z11MCtH6PItpRuCjIRHjS+k6J
82xtDNj/to+1Vp0ZjzLaxt0cUmUGaXDFsf9CnvW+5aOino+j6iaL+SPtZP46QmvV
zmQRsRA128AJyxrw4JG6972hAejQSo9A7QnyGQoZxS3pbEIuUjqg3/Fj4TXlrh1V
lYY1u18ynlPEgO5XVBmyOIfBUT3/uouHYwTPbp59asrdhq8s9p2JAPKGsukAhkX+
GdAlyvhQ0ijWUny7jfZCdL+NkqGQCMUmnYNzAgMBAAGjTTBLMAkGA1UdEwQCMAAw
HQYDVR0OBBYEFK3OLt6MD4mOsjsNgzb+vyAQpK9aMB8GA1UdIwQYMBaAFNs9oFbR
ApgIMFehIurur29T80imMA0GCSqGSIb3DQEBCwUAA4IBAQBmoNb0zS7uCZI4A2GK
2X5OeKo8ytCTOc2X7o6e9A7rDM8X49jlQRzKW/4haJf38fBfGHcxHScS789ZxR2n
RgvDixBpVDeQn/Gpp1YQyQqWlX9iQOeqqSyGbmoyj1YnKxl785zIuqUKpQdx/Aql
xi4r7rEsandpoSWqXLM+0JDQ4bDQTMWPK7LJY4Wx++o8zPRa9jId/d0hvej23Xk6
rud1uVUC/CjTY2KmQLpJCFRpOW+AIe+2XV4sVgjdmau86EWGwvg3tTyGjtvZV9ZD
AfQWtHtdSm0X6/Le4UxKMMtUg6t899HA9WA0YtwwWMHEicaL9fgElyM2JzA+8obp
p0pB
-----END CERTIFICATE-----

OpenSSL是一个强大而灵活的工具,对于希望在其应用中集成高级加密功能的开发人员来说,它是不可或缺的。随着互联网威胁日益复杂化,了解并掌握OpenSSL这样的基础安全工具变得越来越重要。无论你是刚接触加密的新手还是经验丰富的专业人士,OpenSSL都能为你提供所需的安全保障。

Mr. Cao code
关注
OpenSSL基本介绍
Best_ZYJ的博客
09-18 1590
OpenSSL的简介: OpenSSL:开放源代码的软件库包 (SSL是Secure Sockets Layer(安全套接层协议)的缩写,可以在Internet上提供秘密性传输 ) 作用:安全通信。 应用范围:应用在互联网的网页服务器上 影响:Netscape公司在推出第一个Web浏览器的同时,提出了SSL协议标准。已经成为Internet上保密通讯的工业标准。 SSL是如...
深入解析SSL/TLS证书:构建现代网络安全的密码学基石1.1 TLS 1.3握手流程优化
2501_90994755的博客
03-22 1945
通过深入理解SSL/TLS证书的技术本质,开发者可以构建真正面向未来的安全通信体系,在密码学演进和攻防对抗中保持技术领先优势。配置Wireshark的TLS协议首选项 (Edit → Preferences → Protocols → TLS)危险淘汰套件: TLS_RSA_WITH_3DES_EDE_CBC_SHA(存在SWEET32攻击漏洞)RSA-2048 CRYSTALS-Kyber (768) 标准草案。现代推荐套件示例: TLS_AES_256_GCM_SHA384。
OpenSSL简介
02-24 295
 OpenSSL简介  SSL是Secure Socket Layer(安全套接层协议)的缩写,可以在Internet上提供秘密性传输。Netscape公司在推出第一个Web浏览器的同时,提出了SSL协议标准,目前已有3.0版本。SSL采用公开密钥技术。其目标是保证两个应用间通信的保密性和可靠性,可在服务器端和用户端同时实现支持。目前,利用公开密钥技术的SSL协议,已成为Internet上保密
OpenSSL基操
最新发布
weixin_51430302的博客
06-22 1248
根据私钥导出公钥。
OpenSSl 的一些介绍(转)
weixin_30449239的博客
03-04 186
linux下,我们经常可以看到一个叫做openssl-x.x.rpm的包,或许许多人猜想它和ssl有关,没错!但是远不完全,openssl不但实现了ssl的一些接口,它所涵盖的内容从底层对称、非对称加密算法的到建立在其上的PKCS(Public Key Infrastrature)的接口(包括X509证书、PKCS标准、ASN.1等)的实现是一应俱全,甚至还给了一个有关CA的例子。openssl...
OpenSSL
Interview_TC的博客
10-26 2152
OpenSSL 是一个多功能的命令行工具和密码库,主要用于构建基于公共密钥基础设施(PKI)和 HTTPS 的加密方案。它支持各种加密算法(例如 RSA、AES 等),提供密钥生成和证书管理功能,还能够实现 SSL/TLS 协议,确保数据传输安全。公钥基础设施 (PKI):OpenSSL 支持公钥加密方案,可以生成公钥和私钥,并利用证书管理加密和签名任务。SSL/TLS 支持:OpenSSL 提供了 SSL/TLS 协议实现,帮助构建安全的数据传输。加密算法。
OpenSSL 3.0.7版发布:网络安全通信的基石
总之,OpenSSL是一个功能强大的开源加密库,为网络通信提供了广泛的安全支持,包括数据的加密、认证、完整性和不可否认性。它的广泛使用和开源特性让它成为网络安全领域不可或缺的一部分。开发者和管理员必须时刻...
OpenSSL 3.2.2版发布:增强网络安全通信
OpenSSL是一个非常重要的开源安全通信库,它广泛应用于各种网络协议中以确保数据传输的安全性。OpenSSL项目提供的功能包括但不限于数据加密、身份验证、数据完整性校验等,是互联网安全基石之一。 首先,OpenSSL库...
OpenSSL 3.0.0-alpha6版本发布:加强网络安全通信
总结来说,OpenSSL作为信息安全领域的一个基石组件,对于保护网络通信安全至关重要。OpenSSL的更新和维护工作,是整个信息安全体系中不可忽视的一部分。系统管理员和网络安全专业人员必须密切关注OpenSSL的版本更新...
Lua中的OpenSSL X509证书:【证书解析与应用】:安全通信的基石
[Lua中的OpenSSL X509证书:【证书解析与应用】:安全通信的基石](https://user-images.githubusercontent.com/57880343/177473477-e54f60ca-4ab2-4eb9-9c9f-40b6786096d7.png) # 摘要 本文旨在介绍和分析OpenSSL X...
Openssl
weixin_34409703的博客
08-01 173
一.OpenSSL的机理 1.openssl软件包包含三个组件: libcrypto:实现加密的,它是一个库文件,可以被别的服务所调用。 libssl:提供ssl支持的。建立ssl会话的。 openssl:多功能的命令行工具。手动实现加密解密,生成证书,签发证书。 2.目前在Linux上能实现对称加密的工具有两个: gpg (3DES,...
openSSL
lvlei19911108的博客
06-24 5739
OpenSSL的核心的本质在于可以由用户自己来进行证书的签发,自定义证书是不被谷歌支持的,要想玩自定义证书就要通过火狐浏览器。 OpenSSL简介 为网络通信提供安全及数据完整性的一种安全协议,囊括了主要的密码算法、常用的密钥和证书封装管理功能以及SSL协议,并提供了丰富的应用程序供测试或其他目的使用。 通过在一定范围内部署一台CA(Certificate Authority)服务器(CA就是认证...
openssl
蜜汁程序员的博客
10-18 339
#include <openssl/aes.h> #include <openssl/sha.h> #include <openssl/evp.h> 三个解析不出来。 解决方法: yum install openssl openssl-devel        此外,安装了一个openssl,然而并没有任何卵用。 [root@localhost...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值