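This article is a hands-on walkthrough, meant to build an understanding of:

how symmetric encryption, asymmetric encryption and hashing are actually carried out;
the complete working process of a CA;
what a digital certificate actually contains.

This article is also the practical counterpart to my previous post, "Symmetric Encryption, Asymmetric Encryption, Hash Algorithms and PKI". If the symmetric encryption, asymmetric encryption and hash algorithms used here are unfamiliar, read that plain-language explanation first.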

I. Common OpenSSL commands:

Help:

    # openssl ?    # list openssl's commands and subcommands
    # man enc      # view a subcommand's help directly

Encryption:

    # openssl enc -des3 -e -salt -in /lee/sh/test.sh -out /lee/sh/test.sh.des3
    enter des-ede3-cbc encryption password:               # enter the encryption password
    Verifying - enter des-ede3-cbc encryption password:   # confirm the encryption password

-des3: the encryption algorithm; the supported algorithms are listed by openssl ?
-e: encrypt (the default)
-salt: add a salt
-in: input file, i.e. the file to encrypt
-out: output file, i.e. the resulting ciphertext

Decryption:

    # openssl enc -des3 -d -salt -in /lee/sh/test.sh.des3 -out /lee/sh/test1.sh
    enter des-ede3-cbc decryption password:

-d: decrypt

Hashing:

    # md5sum /lee/sh/test.sh    # MD5 hash
    590c2fdc61a76337dd2e1df91a217a27  /lee/sh/test.sh
    # sha1sum /lee/sh/test.sh   # SHA1 hash
    40554fd040b5a54821280603a67e5c07818aff65  /lee/sh/test.sh
    # openssl dgst -sha1 /lee/sh/test.sh   # SHA1 hash using the openssl command
    SHA1(/lee/sh/test.sh)= 40554fd040b5a54821280603a67e5c07818aff65
    # openssl dgst -md5 /lee/sh/test.sh    # MD5 hash using the openssl command
    MD5(/lee/sh/test.sh)= 590c2fdc61a76337dd2e1df91a217a27
    # openssl dgst -?   # this prints the supported options
    unknown option '-?'
    options are
    -c              to output the digest with separating colons
    -r              to output the digest in coreutils format
    -d              to output debug info
    -hex            output as hex dump
    -binary         output in binary form
    -hmac arg       set the HMAC key to arg
    -non-fips-allow allow use of non FIPS digest
    -sign   file    sign digest using private key in file
    -verify file    verify a signature using public key in file
    -prverify file  verify a signature using private key in file
    -keyform arg    key file format (PEM or ENGINE)
    -out filename   output to filename rather than stdout
    -signature file signature to verify
    -sigopt nm:v    signature parameter
    -hmac key       create hashed MAC with key
    -mac algorithm  create MAC (not neccessarily HMAC)
    -macopt nm:v    MAC algorithm parameters or key
    -engine e       use engine e, possibly a hardware device.
    -md4            to use the md4 message digest algorithm
    -md5            to use the md5 message digest algorithm
    -ripemd160      to use the ripemd160 message digest algorithm
    -sha            to use the sha message digest algorithm
    -sha1           to use the sha1 message digest algorithm
    -sha224         to use the sha224 message digest algorithm
    -sha256         to use the sha256 message digest algorithm
    -sha384         to use the sha384 message digest algorithm
    -sha512         to use the sha512 message digest algorithm
    -whirlpool      to use the whirlpool message digest algorithm

Generating a password string (hash value):

    # openssl passwd -?  # for detailed help, use man
    Usage: passwd [options] [passwords]
    where options are
    -crypt             standard Unix password algorithm (default)
    -1                 MD5-based password algorithm   # the MD5 algorithm
    -apr1              MD5-based password algorithm, Apache variant
    -salt string       use provided salt
    -in file           read passwords from file
    -stdin             read passwords from stdin
    -noverify          never verify when reading password from terminal
    -quiet             no warnings
    -table             format output as table
    -reverse           switch table columns

However, passwd is itself an operating-system command, so man shows the help for the operating system's passwd. Run whatis to find the right page:

    # whatis passwd
    sslpasswd (1ssl)     - compute password hashes   # so the page is sslpasswd
    passwd (1)           - update user's authentication tokens
    passwd (5)           - password file
    # man sslpasswd   # this shows the right help page
    # openssl passwd -1   # compute the hash of a password (string) with the MD5 algorithm
    Password:
    Verifying - Password:
    $1$VAehBGE.$vSHYjZqz4O3xLXgqaWTL70

Note: this command adds a salt by default, so running it several times on the same password gives a different result each time.

    # openssl passwd -1 -salt VAehBGE.   # specify the salt value
    Password:
    $1$VAehBGE.$vSHYjZqz4O3xLXgqaWTL70   # with the same salt, the output is the same

Generating an asymmetric key:

    # openssl genrsa   # generate an RSA private key
    Generating RSA private key, 2048 bit long modulus
    ...........+++
    ........................+++
    e is 65537 (0x10001)
    -----BEGIN RSA PRIVATE KEY-----
    (key body omitted)
    -----END RSA PRIVATE KEY-----
    # openssl genrsa -out /lee/my.key   # generate an RSA private key and write it to a file
    # openssl rsa -in /lee/my.key -pubout   # show the public key belonging to the private key
    writing RSA key
    -----BEGIN PUBLIC KEY-----
    (key body omitted)
    -----END PUBLIC KEY-----
    # openssl rsa -in /lee/my.key -pubout -out /lee/mypub.key   # write the public key to a file

Certificate format conversion:

Convert cer and pfx files to PEM format:

    # openssl pkcs12 -in xxx.pfx -nodes -out xxx.pem
    # openssl x509 -inform der -in xxx.cer -out xxx.pem -outform pem

Extract the key pair from a pfx file:

    # openssl pkcs12 -in longsys.com123456.pfx -nocerts -nodes -out longsys.key

Extract the private key from the key pair (header format: -----BEGIN RSA PRIVATE KEY-----):

    # openssl rsa -in longsys.key -out longsys_private.pem

Extract the public key from the key pair (header format: -----BEGIN RSA PUBLIC KEY-----):

    # openssl rsa -in longsys.key -RSAPublicKey_out -out longsys_public.pem   # can also be extracted from the private key, with the same result

Extract the public key from the key pair (header format: -----BEGIN PUBLIC KEY-----):

    # openssl rsa -in longsys.key -pubout -out mypub.key   # can likewise be extracted from the private key

II. Configuring the CA:

1): View and modify the CA configuration file:

    # cat /etc/pki/tls/openssl.cnf   # the part that matters is shown below
    ####################################################################
    [ ca ]
    default_ca      = CA_default            # The default ca section
    ####################################################################
    [ CA_default ]
    dir             = /etc/pki/CA           # Where everything is kept  # default main working directory
    certs           = $dir/certs            # Where the issued certs are kept  # directory where client certificates are stored
    crl_dir         = $dir/crl              # Where the issued crl are kept  # location of the certificate revocation list
    database        = $dir/index.txt        # database index file.  # list of issued certificates; this file does not exist by default and must be created
    #unique_subject = no                    # Set to 'no' to allow creation of
                                            # several ctificates with same subject.
    new_certs_dir   = $dir/newcerts         # default place for new certs.  # newly generated certificates
    certificate     = $dir/cacert.pem       # The CA certificate  # the CA's own certificate (self-signed)
    serial          = $dir/serial           # The current serial number  # serial number; this file does not exist by default and must be created
    crlnumber       = $dir/crlnumber        # the current crl number
                                            # must be commented out to leave a V1 CRL
    crl             = $dir/crl.pem          # The current CRL
    private_key     = $dir/private/cakey.pem# The private key  # where the CA's private key is stored
    RANDFILE        = $dir/private/.rand    # private random number file
    x509_extensions = usr_cert              # The extentions to add to the cert
    # Comment out the following two lines for the "traditional"
    # (and highly broken) format.
    name_opt        = ca_default            # Subject Name options
    cert_opt        = ca_default            # Certificate field options
    # Extension copying option: use with caution.
    # copy_extensions = copy
    # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
    # so this is commented out by default to leave a V1 CRL.
    # crlnumber must also be commented out to leave a V1 CRL.
    # crl_extensions = crl_ext
    default_days    = 365                   # how long to certify for  # default certificate validity period
    default_crl_days= 30                    # how long before next CRL
    default_md      = sha256                # use SHA-256 by default
    preserve        = no                    # keep passed DN ordering

2): Generate the CA's own asymmetric private key:

    # openssl genrsa -out /etc/pki/CA/private/cakey.pem

3): Generate the self-signed certificate:

    # openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem

-new: create a new request
-x509: produce a self-signed certificate
-key: the asymmetric key (private key) to use
-out: output file
-days: certificate validity period

    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:GuangDong
    Locality Name (eg, city) [Default City]:ShenZhen
    Organization Name (eg, company) [Default Company Ltd]:test
    Organizational Unit Name (eg, section) []:test
    Common Name (eg, your name or your server's hostname) []:ca.test.com
    Email Address []:admin@test.com

    # openssl x509 -text -in cacert.pem   # view the certificate details
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                ae:af:f9:0e:f3:0e:96:bd
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=CN, ST=GuangDong, L=ShenZhen, O=test, OU=test, CN=ca.test.com/emailAddress=admin@test.com
            Validity
                Not Before: Feb  3 07:38:39 2018 GMT
                Not After : Mar  5 07:38:39 2018 GMT
            Subject: C=CN, ST=GuangDong, L=ShenZhen, O=test, OU=test, CN=ca.test.com/emailAddress=admin@test.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        (modulus bytes omitted)
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Key Identifier:
                    30:2F:BF:46:D3:E2:89:32:F3:76:D8:59:72:E5:06:79:65:E3:FF:2B
                X509v3 Authority Key Identifier:
                    keyid:30:2F:BF:46:D3:E2:89:32:F3:76:D8:59:72:E5:06:79:65:E3:FF:2B
                X509v3 Basic Constraints:
                    CA:TRUE
        Signature Algorithm: sha256WithRSAEncryption
            (signature bytes omitted)
    -----BEGIN CERTIFICATE-----
    (certificate body omitted)
    -----END CERTIFICATE-----

4): Create the files the CA needs in its working directory:

    # touch /etc/pki/CA/index.txt        # create the issued-certificate list file
    # touch /etc/pki/CA/serial           # create the serial number file
    # echo "01" > /etc/pki/CA/serial     # write the starting serial number

III. Requesting a certificate from the CA:

1): Generate your own asymmetric key:

    # openssl genrsa -out /lee/my.key

2): Request the certificate (with a private CA, the request process here is simply a certificate-generation step):

    # openssl req -new -key /lee/my.key -out /lee/my.crt   # note that there is no -x509 option here; -x509 means self-signed
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:GuangDong
    Locality Name (eg, city) [Default City]:ShenZhen
    Organization Name (eg, company) [Default Company Ltd]:test
    Organizational Unit Name (eg, section) []:test
    Common Name (eg, your name or your server's hostname) []:www.test.com
    Email Address []:www@test.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

IV. Signing the certificate with the CA:

1): Sign:

    # openssl ca -in /lee/my.crt -out www.test.com.crt
    Using configuration from /etc/pki/tls/openssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
            Serial Number: 1 (0x1)
            Validity
                Not Before: Feb  3 08:29:30 2018 GMT
                Not After : Feb  3 08:29:30 2019 GMT
            Subject:
                countryName               = CN
                stateOrProvinceName       = GuangDong
                organizationName          = test
                organizationalUnitName    = test
                commonName                = www.test.com
                emailAddress              = www@test.com
            X509v3 extensions:
                X509v3 Basic Constraints:
                    CA:FALSE
                Netscape Comment:
                    OpenSSL Generated Certificate
                X509v3 Subject Key Identifier:
                    36:1E:30:68:9A:42:75:DE:EA:BE:F3:FF:EB:3C:26:5F:5B:30:4B:30
                X509v3 Authority Key Identifier:
                    keyid:30:2F:BF:46:D3:E2:89:32:F3:76:D8:59:72:E5:06:79:65:E3:FF:2B
    Certificate is to be certified until Feb  3 08:29:30 2019 GMT (365 days)
    Sign the certificate? [y/n]:y
    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated

2): View the list of issued certificates:

    [root@localhost CA]# cat index.txt   # the issued-certificate list now has one entry; "01" is taken from the serial file created earlier
    V 190203082930Z       01  unknown /C=CN/ST=GuangDong/O=test/OU=test/CN=www.test.com/emailAddress=www@test.com
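
Sections II to IV as one non-interactive run, added here as an example that is not part of the original article: it builds a throwaway CA in a scratch directory instead of /etc/pki/CA and ends with an `openssl verify` check that the issued certificate chains to that CA. The helper names (make_ca, issue, chains_to), the minimal config and the scratch paths are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: sections II-IV, non-interactive,
# in a scratch directory. Paths, helper names and the minimal config are constructed.
set -eu
make_ca() {   # $1 = CA directory, $2 = CA common name
    local d=$1
    mkdir -p "$d/newcerts" "$d/private" && chmod 700 "$d/private"
    touch "$d/index.txt"; echo 01 > "$d/serial"   # issued-cert list and first serial
    cat > "$d/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $d
database = \$dir/index.txt
new_certs_dir = \$dir/newcerts
certificate = \$dir/cacert.pem
serial = \$dir/serial
private_key = \$dir/private/cakey.pem
default_days = 365
default_md = sha256
policy = policy_demo
x509_extensions = usr_cert
[ policy_demo ]
commonName = supplied
[ usr_cert ]
basicConstraints = CA:FALSE
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    openssl genrsa -out "$d/private/cakey.pem" 2048 2>/dev/null
    openssl req -new -x509 -days 30 -config "$d/ca.cnf" -subj "/CN=$2" \
        -key "$d/private/cakey.pem" -out "$d/cacert.pem"
}
issue() {     # $1 = CA directory, $2 = subject common name; prints the certificate path
    local d=$1 cn=$2
    openssl genrsa -out "$d/$cn.key" 2048 2>/dev/null
    openssl req -new -config "$d/ca.cnf" -subj "/CN=$cn" -key "$d/$cn.key" -out "$d/$cn.csr"
    openssl ca -batch -config "$d/ca.cnf" -in "$d/$cn.csr" -out "$d/$cn.crt" 2>/dev/null
    echo "$d/$cn.crt"
}
# $1 = CA certificate, $2 = issued certificate; exit status 0 only if the chain verifies
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

work=$(mktemp -d)
make_ca "$work/ca" ca.test.com
crt=$(issue "$work/ca" www.test.com)
chains_to "$work/ca/cacert.pem" "$crt" && echo "OK: $crt chains to the scratch CA"
```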
