How to manually generate ssl certificate for own site in Linux

  • Generate ssl certificate
  • Use the ssl certificate in Nginx
  • Summary

  最近在玩kubernetes,时常要用到https协议,而https协议又离不开ssl证书,自己弄好了以后,想到可能还会有很多人也会用到,所以这里就写一篇文章介绍一下这一块的东西。

Generate ssl certificate

  • 步骤1 生成伪随机数字节文件

  Openssl rand命令用来产生伪随机字节,随机数字产生器需要一个seed,在没有/dev/srandom系统下的解决方法是自己做一个~/.rnd文件。

lwk@qwfys:~$ openssl rand -writerand ~/.rnd
  • 步骤2 创建目录

  创建目录~/.tmp/3123459_k8s.qwfys.com_nginx

lwk@qwfys:~$ mkdir -p ~/.tmp/3123459_k8s.qwfys.com_nginx
lwk@qwfys:~$ ll .tmp/
total 12
drwxr-xr-x  3 lwk lwk 4096 Jun  2 09:33 ./
drwxr-xr-x 53 lwk lwk 4096 Jun  2 09:32 ../
drwxr-xr-x  2 lwk lwk 4096 Jun  2 09:33 3123459_k8s.qwfys.com_nginx/
lwk@qwfys:~$
  • 步骤3 生成非对称公密钥对

  用OpenSSL的genrsa命令生成一个2048 bit的公钥私钥对,输出到文件~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key里。

lwk@qwfys:~$ openssl genrsa -out ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
................+++++
........................................+++++
e is 65537 (0x010001)
lwk@qwfys:~$
  • 步骤4 生成身份申请CSR

  用OpenSSL的req命令以上文中的3123459_k8s.qwfys.com_nginx.key为输 入,生成一个身份证申请(certificate signing request,CSR)文件 3123459_k8s.qwfys.com_nginx.csr

lwk@qwfys:~$ openssl req -new -key ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key -out ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Hongkong
Locality Name (eg, city) []:Hongkong
Organization Name (eg, company) [Internet Widgits Pty Ltd]:www.qwfys.com
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:k8s.qwfys.com
Email Address []:qwfys200@qq.comPlease enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
lwk@qwfys:~$
  • 步骤5 生成CA签署的身份证

  以下OpenSSL的x509命令用指定的私钥文件3123459_k8s.qwfys.com_nginx.key签署身份申请(certificate signing request,CSR)文件3123459_k8s.qwfys.com_nginx.csr,输出CA签署的身份证(CA signed certificate,CRT)文件3123459_k8s.qwfys.com_nginx.crt

lwk@qwfys:~$ openssl x509 -req -sha256 -days 365 -in ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.csr -signkey ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key -out ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.crt
Signature ok
subject=C = CN, ST = Hongkong, L = Hongkong, O = www.qwfys.com, OU = IT, CN = k8s.qwfys.com, emailAddress = qwfys200@qq.com
Getting Private key
lwk@qwfys:~$

  接下来,我们查看一下生成的文件及其内容。

lwk@qwfys:~$ ll ~/.tmp/3123459_k8s.qwfys.com_nginx/
total 20
drwxr-xr-x 2 lwk lwk 4096 Jun  2 13:59 ./
drwxr-xr-x 4 lwk lwk 4096 Jun  2 09:53 ../
-rw-r--r-- 1 lwk lwk 1330 Jun  2 13:59 3123459_k8s.qwfys.com_nginx.crt
-rw-r--r-- 1 lwk lwk 1062 Jun  2 13:59 3123459_k8s.qwfys.com_nginx.csr
-rw------- 1 lwk lwk 1675 Jun  2 13:57 3123459_k8s.qwfys.com_nginx.key
lwk@qwfys:~$ cat ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEApKRbB3jKgN1irAJLzZ1o6EdXY6AMx64gDMm5LF4QetDxCFmj
MFi9Pii03Lefsxy7gKVSOUCuyMLkCqOLQwmtBDPN6EY0L+5LLOTO8dPkvuUfxtq+
ge1X0yOSirumFQ/FXA7yFD4FGoLYmUFqLoNYxyySYnbMNNSSlcXEbaxfXWQfrOUu
TG1LOtK8TcZGeLwUCDlx5qP+uxBNsWPJPCxoPpWQ1f+q18F2zZvVRQggQ5U6GwZP
/53O6rUioRFYRNnj+00t8pALS++vPKVNZxM+VczmIwI0/nQZnHv5AlWIUOZBVxf7
NBJju5XV4XpZO1TN0RRKpSWIHGGGqOe2ls/9lwIDAQABAoIBADsMm31djDuVqzsI
A8n2B9cvJx+bGppPUD1l6B0Ki5yQ7bHR/F5tpUny7ZMv5H4n8vPb11ajZUyp4YIT
T/I2OTCFp/cDntoF/D5YvgQrvCHfKXt3ntYYmuQmIPvS+2kYY+91iMtLxybQAQFO
Xdfa0e91g/b+ppTYHM7MxHuVVAq5N88zY68Tlkf73TVkWuXgJZGc0m/RWSLBAzIG
CSB1NFGvsl6Sj6K/a2fXvJu2OojKjp1pN4vcM7tFJRAEwiU3fri3gqCD5TnX3Lv4
ZR1GRNFjUnxt2/NF+xFdeeepHnZViXvIqT/jvpYWl2D1qIfW1SE/qgrEm3Ego0dU
z90qKmECgYEA2F3bgvzdi8nd0avG8EAV4mD2kMMob27A68WDUu9zFAbhYfp0mE2U
dthfAUqbShI72QVMmKcQVxVZCbQP5Vjb0y+6tNVt+WBddFnBy0+bH4dredmwQtS2
Og0tWq9kCS2fSnawquzafm2HXPucGehwthpFi/VZKy24lW1uO5Jm/xECgYEAwsz1
99P2zuwliH/Y2AKpGNtDUIchJs5Lz4q8GvW7RSJjr1FKM5o1CTOqPLQ+Tm64ekbb
odWyRjUg2Favlo72fy/meVTTVCctp0oJ7odwQXzhIsBFZ+sYfv5nQGrvxkOR5gNq
4rSqQpRvJjSGU9OiEeWyZwz0lRGkVLPxNNsRAicCgYBa1EvqWSzIGh48ftgs0zpc
pkfbzZGT9fKXB3txvYOZzKmg7/syVJ8WpQ59BEzcc3scR9U34CpD5HpUUHq71Omz
Zj4C2/Ym0gVpaqSoLOr5+Wds563O4Gz/QbjgcPCVycktAVZ46qVunZxNtHJ7jdCD
IdRAROcB8VejoyS7bWI/gQKBgQCnciMkSpFmwNpqgOrWk0LjWOZ9/AnlH4NO/URA
MGYvQSZK9yc/QBjCtiRpVc4RAV+Vy/7TF6vMabK4A5ufYXhFT9lfBik5twupNx1e
ahF2WW/0vS1r7Ev8LZZ3avR8imyJOPrRsNaBsLHyN0gYGly/4Z/+sMY0tRt6q8p0
0rHGFQKBgF/uVbWLyXnGV+aQiRBZLcxy+MZntJ4IuJm+Wp3tlkPPr/z4qf0QlzS6
7ir8+YsOj68SFwtiJirJ5j8f8bMWRAdVsKtdF+Cp73Wjtf10360Db9Q9IZqZQvhr
EjTwnnHXKqkjqn3sudTpnbpGRorS8jO1537Gf/li5L9UnHqEbikU
-----END RSA PRIVATE KEY-----
lwk@qwfys:~$

虽说文件头尾都标注着RSA PRIVATE KEY,但实际上这个文件里面包含了公钥与私钥。

lwk@qwfys:~$ cat ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIC1jCCAb4CAQAwgZAxCzAJBgNVBAYTAkNOMREwDwYDVQQIDAhIb25na29uZzER
MA8GA1UEBwwISG9uZ2tvbmcxFjAUBgNVBAoMDXd3dy5xd2Z5cy5jb20xCzAJBgNV
BAsMAklUMRYwFAYDVQQDDA1rOHMucXdmeXMuY29tMR4wHAYJKoZIhvcNAQkBFg9x
d2Z5czIwMEBxcS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk
pFsHeMqA3WKsAkvNnWjoR1djoAzHriAMybksXhB60PEIWaMwWL0+KLTct5+zHLuA
pVI5QK7IwuQKo4tDCa0EM83oRjQv7kss5M7x0+S+5R/G2r6B7VfTI5KKu6YVD8Vc
DvIUPgUagtiZQWoug1jHLJJidsw01JKVxcRtrF9dZB+s5S5MbUs60rxNxkZ4vBQI
OXHmo/67EE2xY8k8LGg+lZDV/6rXwXbNm9VFCCBDlTobBk//nc7qtSKhEVhE2eP7
TS3ykAtL7688pU1nEz5VzOYjAjT+dBmce/kCVYhQ5kFXF/s0EmO7ldXhelk7VM3R
FEqlJYgcYYao57aWz/2XAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEANCYbhGQW
hWuKwOVX1PWrokFTuCCbWQHkrUXNGxABAYg879ulZsjYCqamPdGdKbIkA6qZzfDR
aB9VpOcuWKLkIm4i95XeSiLRIfYDhbpqGvCRi8hNsqMqeBPSBUVusawMY8RQk8LK
/51qCQA4vV1HkwA+yxLSADqC7qJLJALdGZZFfZXpAZS/s/nNyUx6Lov1L+2+mClu
hvwidn4mYJ3CsL7+B8iXDio3RkCW5CAsyALgojb7CE83UOXA8R8eRWEDqC8ZD8dD
Sh0G3q6qz+MyNkP0E9HprbSfLbXF6OT33CvkjddQNtOPI4l6gVBmDm4iwfKq0wZL
M4KG/iAXw07ybA==
-----END CERTIFICATE REQUEST-----
lwk@qwfys:~$ cat ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.crt
-----BEGIN CERTIFICATE-----
MIIDqTCCApECFCIleg+v7vC+7qoPPbiKf/ouV99KMA0GCSqGSIb3DQEBCwUAMIGQ
MQswCQYDVQQGEwJDTjERMA8GA1UECAwISG9uZ2tvbmcxETAPBgNVBAcMCEhvbmdr
b25nMRYwFAYDVQQKDA13d3cucXdmeXMuY29tMQswCQYDVQQLDAJJVDEWMBQGA1UE
AwwNazhzLnF3ZnlzLmNvbTEeMBwGCSqGSIb3DQEJARYPcXdmeXMyMDBAcXEuY29t
MB4XDTIwMDYwMjA1NTk0M1oXDTIxMDYwMjA1NTk0M1owgZAxCzAJBgNVBAYTAkNO
MREwDwYDVQQIDAhIb25na29uZzERMA8GA1UEBwwISG9uZ2tvbmcxFjAUBgNVBAoM
DXd3dy5xd2Z5cy5jb20xCzAJBgNVBAsMAklUMRYwFAYDVQQDDA1rOHMucXdmeXMu
Y29tMR4wHAYJKoZIhvcNAQkBFg9xd2Z5czIwMEBxcS5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCkpFsHeMqA3WKsAkvNnWjoR1djoAzHriAMybks
XhB60PEIWaMwWL0+KLTct5+zHLuApVI5QK7IwuQKo4tDCa0EM83oRjQv7kss5M7x
0+S+5R/G2r6B7VfTI5KKu6YVD8VcDvIUPgUagtiZQWoug1jHLJJidsw01JKVxcRt
rF9dZB+s5S5MbUs60rxNxkZ4vBQIOXHmo/67EE2xY8k8LGg+lZDV/6rXwXbNm9VF
CCBDlTobBk//nc7qtSKhEVhE2eP7TS3ykAtL7688pU1nEz5VzOYjAjT+dBmce/kC
VYhQ5kFXF/s0EmO7ldXhelk7VM3RFEqlJYgcYYao57aWz/2XAgMBAAEwDQYJKoZI
hvcNAQELBQADggEBAIPLP1nb/LTPpjERfiNzFh0p2KTkLuE8n4d7dV3uPcEbJ7g6
c7dIIZp192fQ0FCo+0MmoIXd8+7I0bmaOupD/eA1VuJKjcXgQUvbx4AJiAWBgaUl
Sg+dzFSoTykdk6idbK7zbHfYhSnt7eCw5z4ffmWFcEaEpmXUFJnTo6A6FWY26rxx
MK7Xpzkwa6OGHRlGaCBgTRR4aNjDHUktMhZzyS/RKazit6bGltGt1p7U+qJjD58h
yvfbhB+GJ9DRhoellxTVUoCAH3E60goO4qVj0HQz2yU0IiIR4fmjaaRKhpapsHyF
VYRupsEviwQ2WxFSJAPz3jVSOTW0ogK9fCZQA0Y=
-----END CERTIFICATE-----
lwk@qwfys:~$

Use the ssl certificate in Nginx

至些,我们就为自己的站点生成了相应的数字证书。那么如何使用呢?这里我们以CentOS 7、Nginx 1.15.6为例给大家简要介绍一下。

  • 步骤 1 安装nginx
yum install -y nginx
  • 步骤 2 在nginx配置目录添加子目录ssl,并将先前生成的文件3123459_k8s.qwfys.com_nginx.key、3123459_k8s.qwfys.com_nginx.crt复制到该目录
[root@xtwj73 ~]#  mkdir -p /etc/nginx/ssl

 lwk@qwfys:~$ scp ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.key root@inner73.qwfys.com:/etc/nginx/ssl/lwk@qwfys:~$ scp ~/.tmp/3123459_k8s.qwfys.com_nginx/3123459_k8s.qwfys.com_nginx.crt root@inner73.qwfys.com:/etc/nginx/ssl/
  • 步骤3 编辑nginx配置文件,追来ssl功能

修改Nginx安装目录/conf/nginx.conf文件。找到以下配置信息:

# HTTPS server
server {listen 443;server_name localhost;ssl on;ssl_certificate cert.pem;ssl_certificate_key cert.key;ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;ssl_prefer_server_ciphers on;location / {

按照下文中注释内容修改nginx.conf文件:

server {listen 443 ssl;   #SSL协议访问端口号为443。此处如未添加ssl,可能会造成Nginx无法启动。server_name k8s.qwfys.com;  #将localhost修改为您证书绑定的域名,例如:www.example.com。root html;index index.html index.htm;ssl_certificate ssl/3123459_k8s.qwfys.com_nginx.crt;   #将domain name.pem替换成您证书的文件名。ssl_certificate_key ssl/3123459_k8s.qwfys.com_nginx.key;   #将domain name.key替换成您证书的密钥文件名。ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;  #使用此加密套件。ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   #使用该协议进行配置。ssl_prefer_server_ciphers on;location / {root html;   #站点目录。index index.html index.htm;   }
}
  • 步骤 4 重启nginx以使配置生效
[root@xtwj73 ~]# systemctl restart nginx.service

Summary

  上面我们给大家介绍的关于生成非对称公密钥、身份证申请这些操作步骤是以交互方式完成的,但是在一些特殊场合,我们希望以参数形式来完成,其实,这样也是可以的。接下来,我们就给大家演示这方面的操作步骤。

lwk@qwfys:~$ openssl rand -writerand ~/.rnd
lwk@qwfys:~$ mkdir -p ~/.tmp/3723459_k8s.qwfys.com_nginx
lwk@qwfys:~$ openssl req -new -newkey rsa:2048 -nodes -out ~/.tmp/3723459_k8s.qwfys.com_nginx/3723459_k8s.qwfys.com_nginx.csr -keyout ~/.tmp/3723459_k8s.qwfys.com_nginx/3723459_k8s.qwfys.com_nginx.key -subj "/C=CN/ST=Hongkong/L=Hongkong/O=www.qwfys.com Inc./OU=IT/CN=k8s.qwfys.com_nginx"
Generating a RSA private key
........................+++++
............+++++
writing new private key to '/home/lwk/.tmp/3723459_k8s.qwfys.com_nginx/3723459_k8s.qwfys.com_nginx.key'
-----
lwk@qwfys:~$ ll ~/.tmp/3723459_k8s.qwfys.com_nginx/
total 16
drwxr-xr-x 2 lwk lwk 4096 Jun  2 09:53 ./
drwxr-xr-x 4 lwk lwk 4096 Jun  2 09:53 ../
-rw-r--r-- 1 lwk lwk 1029 Jun  2 09:53 3723459_k8s.qwfys.com_nginx.csr
-rw------- 1 lwk lwk 1704 Jun  2 09:53 3723459_k8s.qwfys.com_nginx.key
lwk@qwfys:~$ cat ~/.tmp/3723459_k8s.qwfys.com_nginx/3723459_k8s.qwfys.com_nginx.key
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC0EPBk10wcAj57
nDThCBv/KJN8NCQX2wHI0ppOuTpOrEQoO2Bc75QLGVw6RHuAOPXwzhn6+t08k3rm
wdDeecxfAd0vxunu5P+NoavDfHeG3wHmU0n3wW+iY/0/GJpFNEElFcV0h6YXiFFK
XkijI+y0ayQ9xbtHKCyJ1j7KN3u3nadrWaft2jQ4E+MoavjfVvc+21UKHNObHzjh
/tozwIwkGX6/EGjfyq8q7OsPVJRJiXdmCURyfgXgSuUzdnXGbG6NZxWi30/hG2Yw
ejcmg6a1pja7hl3P57WInZKdk3Uj1ZhsRgarQbCpu7gDWe2j1/E0Ly14Z+aNZ/Gb
viOtsEbXAgMBAAECggEARtkrXOIBRjvzzbsGa0w/h8O1U/dIBELdjuCeaj8jG/VX
0+SY47g4La3KxfpQBYFj812Eh2XRSpZUkxrLTd3qda9MEhJX1PExQ87KwF3mwaBZ
JQC8Z8kqXWCuMfdCK9yFjUvlpxYAWd3+7h3uwpHN/qbxWYTFTRgXfhxYFESEXxf1
uXKzQzQbkqQQWzZSAb8cdxcj0itEDwo7a/Pf5renYQBQXMw+psy2o3Nt3/VEKA9x
7PNfEpZFnw3Y3KNJxg13L+hBhH7PQ5CPVbhIPXp5fJT204DwFNwHQ7wnM6msxSVf
qHS2PlB70pefvj8tm1nH9Svgq34uAvFHiRscKPj/wQKBgQDglQb37y+fuoFtLnBd
+rKcnMp+fBeA8q7BRWcUBqX4XZjePC8OEY0r3Ii238fyQuS7Or8JH9Sb/6p83tNB
Qdn9/ioqX/FUA1vHNAONDDesfkd+j0G8omBAg4oXWZcrDEw7NR91bXUq7aHnDhiO
DwFCanlydeS2OHPhDwZNLJAAkQKBgQDNQais9TOOmxTS3mmWJZ5lLKmonY6aad76
y/SuOWs13wHp/H2a3qW9wobmBREMt65ik3rgx/nY25u+Be2KetmrdTZuj1nh3w+N
IhL4HkfbkYK0Mncljtxg/NySM2WzAGIkHK3lqGWrF7NquN1ryZTeLJK/C/mnLVkl
PEvFOqWE5wKBgDZSVbkq1a4hAqVSEkPpG8Ld+ezWPyklijedfe1OHl8Q5KT8kbUp
cagmU7tILajfnUvcTdD7LgX9tVM24opqTzwsei59vnW/yjdI0YMQbXb/pHNsW04x
SG7SYlh7hyEWfGnl05Inw6t6hyrIMhBKeNeDwZR6B7Q7u2u4oqGQIdTBAoGBALS6
MHQB/uB86mv1jBC5lOtO1R/zgwGxYLWBajMRubWYY44MVOhNTLB2HONh6K5C+Vgw
tUxAqFxqmYpKm+qH2yseLMxSinjYOFAzhXJU7z6EtApIOSKn1KHNY8WTXeOr3b4g
RnnluYdZeg/pMIVc3Ch4JMn1GGA8DLc9jRXfWqhXAoGBAJRAFnOMFL5CNWwI/Z1K
Q+zp48Zdi67xAP312YyOOroVH0qaDd+H4OOqHfYjqRSVVHjHMcoNnY+qv/EYFkr+
wuRDPw4EQHmRJWTdn7Ew15GMOETz0DkZcsvdd7qh0xxIZMdhG2fAI+hdUVz3z2XM
otj6Yb9/XW4rUyQzYx+sdoOM
-----END PRIVATE KEY-----
lwk@qwfys:~$ cat ~/.tmp/3723459_k8s.qwfys.com_nginx/3723459_k8s.qwfys.com_nginx.csr
-----BEGIN CERTIFICATE REQUEST-----
MIICwDCCAagCAQAwezELMAkGA1UEBhMCQ04xETAPBgNVBAgMCEhvbmdrb25nMREw
DwYDVQQHDAhIb25na29uZzEbMBkGA1UECgwSd3d3LnF3ZnlzLmNvbSBJbmMuMQsw
CQYDVQQLDAJJVDEcMBoGA1UEAwwTazhzLnF3ZnlzLmNvbV9uZ2lueDCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALQQ8GTXTBwCPnucNOEIG/8ok3w0JBfb
AcjSmk65Ok6sRCg7YFzvlAsZXDpEe4A49fDOGfr63TyTeubB0N55zF8B3S/G6e7k
/42hq8N8d4bfAeZTSffBb6Jj/T8YmkU0QSUVxXSHpheIUUpeSKMj7LRrJD3Fu0co
LInWPso3e7edp2tZp+3aNDgT4yhq+N9W9z7bVQoc05sfOOH+2jPAjCQZfr8QaN/K
ryrs6w9UlEmJd2YJRHJ+BeBK5TN2dcZsbo1nFaLfT+EbZjB6NyaDprWmNruGXc/n
tYidkp2TdSPVmGxGBqtBsKm7uANZ7aPX8TQvLXhn5o1n8Zu+I62wRtcCAwEAAaAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCJv0/4iJJ6OIex2IfosrS/1szZO1z4rVdwwz1V
jtRhMdXZnOmIzFfkG4EI2COonA56rABm9o3GPRIXW7P2aXxRWhb7um1zLQFp7RoC
CBaqm+1YPpbxDc7ifcuPlzcgRfHW+2fjqwqXifSCrcdqH7+cf6hs9gRFOm0Fucp6
nucQrYuhtXrAv6tUyx1YJYxwUyScnMsJej32iomtPkwCJSW1eKSBUeL+9t5th28U
g2jxgsf0Kobxc6oFmqBfUNsy5HeX4GWDHnmq5lWbDD3OAhovvT3agLeopzTHCqN/
zE0EOItSYef5dTy5ck0Ac58Bb86hQfxblICHa3TfSqy77hYo
-----END CERTIFICATE REQUEST-----
lwk@qwfys:~$

Reference

  • OpenSSL CSR Wizard
  • Manually Generate a Certificate Signing Request (CSR) Using OpenSSL
  • TLS和安全通信
  • OpenSSL操作指南
  • 在Nginx或Tengine服务器上安装证书
  • DER、CRT、CER、PEM格式的证书及转换
  • Go和HTTPS

How to manually generate ssl certificate for own site in Linux相关推荐

  1. SSL Certificate Signed Using Weak Hashing Algorithm(CVE-2004-2761)

    SSL Certificate Signed Using Weak Hashing Algorithm 操作系统版本:Windows Server 2012 R2 前言:解决SSL Certifica ...

  2. There was a problem confirming the ssl certificate ……

    在安装一个Python库onetimepass时发生下面的问题: pip install onetimepass Could not fetch URL https://pypi.python.org ...

  3. PHP SSL certificate: unable to get local issuer certificate的解决办法

    微信小程序开发交流qq群   173683895    承接微信小程序开发.扫码加微信. 当本地curl需要访问https时,出现SSL certificate: unable to get loca ...

  4. PySpider HTTP 599: SSL certificate problem错误的解决方法

    PySpider HTTP 599: SSL certificate problem错误的解决方法 参考文章: (1)PySpider HTTP 599: SSL certificate proble ...

  5. There was a problem confirming the ssl certificate

    There was a problem confirming the ssl certificate 在使用pip 或者 爬虫爬取HTTPs时 有时SSL报错 查看最根源的错误是"Can't ...

  6. SSL certificate problem: unable to get local issuer certificate

    fatal: unable to access 'https://github.com/GitHubSi/t...': SSL certificate problem: unable to get l ...

  7. 解决SVN提示https证书验证失败问题svn: E230001: Server SSL certificate verification failed: certificate issued

    svn: E230001: Server SSL certificate verification failed: certificate issued 今天在使用svn时候发现出现这个问题,这个是因 ...

  8. SSL certificate problem, verify that the CA cert is OK. Details:

    使用 git 出现SSL certificate problem, verify that the CA cert is OK. Details: [jifeng@jifeng04 git]$ git ...

  9. CRMEB SSL certificate problem, verify that the CA cert is OK

    CRMEB系统提示这个错误 如果使用curl发起https请求的时候报错:"SSL certificate problem, verify that the CA cert is OK. D ...

最新文章

  1. 关于异步请求的一些事
  2. iOS开发中显示实时的FPS值
  3. 读CLR via C#总结(4) 值类型的装箱和拆箱
  4. Web项目练习总结(错误校正篇)
  5. 详解spring boot mybatis全注解化
  6. 关于html和javascript在浏览器中的加载顺序问题的讨论(zz)
  7. python访问mysql_python连接mysql
  8. satd残差_RDO、SAD、SATD、λ相关概念【转】
  9. NS2相关学习——无线网(2)
  10. 关于网站那些不得不说的小秘密
  11. 共享锁 排他锁 是什么区别
  12. 信号与系统【奥本海目】第二版笔记
  13. LeetCode算法,多多路上从左到右有N棵树(编号1~N),其中第i个颗树有和谐值Ai。 多多鸡认为,如果一段连续的树,它们的和谐值之和可以被M整除,那么这个区间整体看起来就是和谐的....
  14. 驱动程序解析及其对硬件和系统发挥效能的重大作用和注意事宜
  15. Leetcode实战:121.买卖股票的最佳时机
  16. form-group 两种常用使用
  17. 计算机科学与技术单身率,中国大陆男女比例揭晓!大学单身率专业十强来了
  18. Qt之QListWidget控件的应用
  19. 时域特征提取_时域分析——无量纲特征值含义一网打尽
  20. CentOS7 中 Docker-ce 安装配置 MyCat-Web 监控 MyCat状态

热门文章

  1. 从雀书无代码应用——浅谈零代码开发平台(上)
  2. 开源项目——小Q聊天机器人V1.5
  3. (二)移动 GPU 和桌面 GPU 的差距有哪些?
  4. Pranava Pra 使用教程
  5. 使用python将ppt文件批量转为pptx、批量提取ppt中的文字保存
  6. 阿里云国际站卸载阿里云盾监控
  7. 用TELNET登录QQ邮箱
  8. 【Hackintosh】完善篇之添加节能5项与添加SMBU/SBUS
  9. 推荐一些Windows系统中好用的免费(开源)/收费的终端管理工具(命令行工具)
  10. 前后端分离的文件上传,上传zip或者rar压缩包(vue+springboot)。