OpenSSL and OpenSSH

OpenSSH

Allow only whitelisted users to log in

1. Before the restriction:
ww@10.201.106.129's password:
[ww@qq ~]$ exit
logout
Connection to 10.201.106.129 closed.
[root@zz ~]# ssh ee@10.201.106.129
ee@10.201.106.129's password:
[ee@qq ~]$ exit

2. After the restriction

[root@qq ~]# vim /etc/ssh/sshd_config
AllowUsers qq root
[root@qq ~]# service sshd reload
Reloading sshd:                                            [  OK  ]

2.1 Test

[root@zz ~]# ssh ee@10.201.106.129
ee@10.201.106.129's password:
Permission denied, please try again.
ee@10.201.106.129's password:
[root@zz ~]# ssh ww@10.201.106.129
ww@10.201.106.129's password:
Permission denied, please try again.
ww@10.201.106.129's password:
[root@zz ~]#
[root@zz ~]# ssh qq@10.201.106.129
qq@10.201.106.129's password:
Last login: Thu Jul 28 15:52:49 2016 from 10.201.106.128
[qq@qq ~]$ 
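
Added example (not from the original post): before reloading sshd with a new AllowUsers line, list which local accounts with a login shell would be refused, so that no administrative account is locked out by accident. The file names and sample accounts are constructed, and the matcher is a simplification: it reads only the global section (it stops at the first Match block), ignores the host part of USER@HOST patterns, and does not evaluate DenyUsers or the group directives.

```shell
#!/bin/sh
# Added example, not from the original post. Sample files below are constructed.

# allowed_by_allowusers CONFIG USER -> exit 0 if USER passes the AllowUsers whitelist.
# Simplified: global section only, host part of USER@HOST ignored, no DenyUsers/groups.
allowed_by_allowusers() (
    set -f    # keep * and ? in patterns from expanding to file names
    pats=$(awk 'tolower($1) == "match" { exit }
                tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }' "$1")
    [ -n "$pats" ] || exit 0    # no AllowUsers line means no whitelist is in effect
    for p in $pats; do
        # sshd patterns use * and ?, which shell case patterns also understand
        case "$2" in ${p%%@*}) exit 0 ;; esac
    done
    exit 1
)

# locked_out CONFIG PASSWD -> print accounts that have a login shell but would be refused.
locked_out() {
    while IFS=: read -r user x x x x x shell; do
        case "$shell" in ''|*/nologin|*/false) continue ;; esac
        allowed_by_allowusers "$1" "$user" || printf '%s\n' "$user"
    done < "$2"
}

# Constructed sample input mirroring the accounts used above.
tmp=$(mktemp -d)
printf '%s\n' '#AllowUsers nobody' 'PermitRootLogin yes' 'AllowUsers qq root' \
    > "$tmp/sshd_config"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
              'qq:x:500:500::/home/qq:/bin/bash' \
              'ww:x:501:501::/home/ww:/bin/bash' \
              'ee:x:502:502::/home/ee:/bin/bash' \
              'named:x:25:25:Named:/var/named:/sbin/nologin' > "$tmp/passwd"

locked_out "$tmp/sshd_config" "$tmp/passwd"
```

On a real host, `sshd -t` checks the edited file for syntax errors before the reload.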

Generate a random password

[root@qq ~]# tr -dc A-Za-z0-9_ < /dev/urandom | head -c 16 | xargs
rCHubvWwKIA4Fxk2

Compile and install dropbear

1. Download and unpack the source tarball

[root@qq ~]# tar xf dropbear-2013.58.tar.bz2

2. Read the install document; the default install location is /usr/local/bin

[root@qq ~]# cd dropbear-2013.58
[root@qq dropbear-2013.58]# less INSTALL
Basic Dropbear build instructions:

- Edit options.h to set which features you want.
- Edit debug.h if you want any debug options (not usually required).

(If using a non-tarball copy, "autoconf; autoheader")

./configure      (optionally with --disable-zlib or --disable-syslog,
                  or --help for other options)

Now compile:

make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"

And install (/usr/local/bin is usual default):
……

3. Check the configuration (run configure)

[root@qq dropbear-2013.58]# ./configure 

4. Build the selected components

[root@qq dropbear-2013.58]# make PROGRAMS=' dropbear scp dropbearkey dbclient'

5. Install

[root@qq dropbear-2013.58]# make PROGRAMS=' dropbear scp dropbearkey dbclient' install
install -d -m 755 /usr/local/sbin
install -m 755 dropbear /usr/local/sbin
chown root /usr/local/sbin/dropbear
chgrp 0 /usr/local/sbin/dropbear
install -d -m 755 /usr/local/bin
install -m 755 scp /usr/local/bin
chown root /usr/local/bin/scp
chgrp 0 /usr/local/bin/scp
install -d -m 755 /usr/local/bin
install -m 755 dropbearkey /usr/local/bin
chown root /usr/local/bin/dropbearkey
chgrp 0 /usr/local/bin/dropbearkey
install -d -m 755 /usr/local/bin
install -m 755 dbclient /usr/local/bin
chown root /usr/local/bin/dbclient
chgrp 0 /usr/local/bin/dbclient
[root@qq dropbear-2013.58]#
[root@qq dropbear-2013.58]# cd /usr/local/bin
[root@qq bin]# ls
dbclient  dropbearkey  scp

Using dropbear

1. Generate keys

1.1 Create the directory

[root@qq bin]# mkdir /etc/dropbear

1.2 Generate the RSA host key

[root@qq bin]# dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key -s 2048
Will output 2048 bit rsa secret key to '/etc/dropbear/dropbear_rsa_host_key'
Generating key, this may take a while...
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAmtSn/j31kRsMGL2pcW2GhRaPRyhdC3wbtwuajPbyAvNPf/AiLMD7m31ZbyzQTlARzufZWFSeXuyjyxUNfR5zcfrcVErbz8p2Wub8Qm1H9hGz90Syy7RahwcdCmiEtG/E91t83knmOMRgncDnqi7qlCVUy31/hn3A7Dynt8Zpmjya2XpgRmHhplN4JcF7HHQ6RUamkJPYI2g8/hIyEaLbAaJMFfN0XMj2Q9urvjjyRxbSsSTdjD2GEQUBL+rrkIoxQ3DDx/5d5TKYA/YelFmMckCUJtvaEJa8kbzCxy2nWGBjde3JLRemHrOL0AMNJghxC4EUYWoweCWHyxWf14mZzu16Q== root@qq
Fingerprint: md5 d9:61:9d:b3:a7:d7:0a:f7:45:bb:4b:4d:9f:a1:08:1a
[root@qq bin]#
[root@qq bin]# ls /etc/dropbear/dropbear_rsa_host_key
/etc/dropbear/dropbear_rsa_host_key

1.3 Generate the DSS host key

[root@qq bin]# dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
Will output 1024 bit dss secret key to '/etc/dropbear/dropbear_dss_host_key'
Generating key, this may take a while...
Public key portion is:
ssh-dss …… root@qq
Fingerprint: md5 cc:d6:76:e2:1a:00:b0:2d:1d:49:67:f1:9d:e8:33:7f
[root@qq bin]#
[root@qq bin]#
[root@qq bin]# ls /etc/dropbear/
dropbear_dss_host_key  dropbear_rsa_host_key
[root@qq bin]# 

2. Start the service

2.1 First test in the foreground

[root@qq bin]# dropbear -p :22022 -F -E
[61370] Jul 29 16:17:57 Not backgrounding

[root@qq bin]# ss -tnl
State      Recv-Q Send-Q                                          Local Address:Port                                            Peer Address:Port
LISTEN     0      10                                             10.201.106.129:53                                                         *:*
LISTEN     0      10                                                  127.0.0.1:53                                                         *:*
LISTEN     0      128                                                        :::22                                                        :::*
LISTEN     0      128                                                         *:22                                                         *:*
LISTEN     0      64                                                         :::23                                                        :::*
LISTEN     0      128                                                 127.0.0.1:631                                                        *:*
LISTEN     0      128                                                       ::1:631                                                       :::*
LISTEN     0      128                                                 127.0.0.1:953                                                        *:*
LISTEN     0      100                                                       ::1:25                                                        :::*
LISTEN     0      100                                                 127.0.0.1:25                                                         *:*
LISTEN     0      128                                                        :::43521                                                     :::*
LISTEN     0      20                                                         :::22022                                                     :::*
LISTEN     0      20                                                          *:22022   #####                                                     *:*
LISTEN     0      128                                                         *:35240                                                      *:*
LISTEN     0      128                                                        :::111                                                       :::*
LISTEN     0      128                                                         *:111                                                        *:*   

2.2 Remote login test

[root@zz ~]# ssh -P 22022 root@10.201.106.129
ssh: connect to host 22022 port 22: Invalid argument
[root@zz ~]# ssh -p 22022 root@10.201.106.129
The authenticity of host '[10.201.106.129]:22022 ([10.201.106.129]:22022)' can't be established.
RSA key fingerprint is d9:61:9d:b3:a7:d7:0a:f7:45:bb:4b:4d:9f:a1:08:1a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[10.201.106.129]:22022' (RSA) to the list of known hosts.
root@10.201.106.129's password:
[root@qq ~]# pstree
init─┬─abrtd
     ├─acpid
     ├─atd
     ├─auditd───{auditd}
     ├─automount───4*[{automount}]
     ├─certmonger
     ├─console-kit-dae───63*[{console-kit-da}]
     ├─crond
     ├─cupsd
     ├─dbus-daemon───{dbus-daemon}
     ├─hald─┬─hald-runner─┬─hald-addon-acpi
     │      │             ├─hald-addon-inpu
     │      │             └─hald-addon-rfki
     │      └─{hald}
     ├─login───bash
     ├─master─┬─pickup
     │        └─qmgr
     ├─mcelog
     ├─5*[mingetty]
     ├─named───3*[{named}]
     ├─rpc.statd
     ├─rpcbind
     ├─rsyslogd───3*[{rsyslogd}]
     ├─2*[sshd───bash]
     ├─sshd─┬─sshd───sshd───bash
     │      ├─sshd───bash
     │      └─sshd───bash───dropbear───dropbear───bash───pstree
     ├─udevd───2*[udevd]
     └─xinetd
[root@qq ~]#

[root@qq bin]# dropbear -p :22022 -F -E
[61370] Jul 29 16:17:57 Not backgrounding
[61414] Jul 29 16:22:24 Child connection from 10.201.106.128:33608
[61414] Jul 29 16:22:30 Password auth succeeded for 'root' from 10.201.106.128:33608

3. Connection test with the dbclient client

[root@qq bin]# dbclient 10.201.106.128
root@10.201.106.128's password:
Last login: Sun Jul 31 01:54:38 2016 from 10.201.106.1
[root@zz ~]# exit
logout
[root@qq bin]#
[61414] Jul 29 16:30:09 Exit (root): Disconnect received
[root@qq bin]#

Creating a private CA

Default configuration file for the private CA (the openssl configuration file)

[root@qq bin]# cat /etc/pki/tls/openssl.cnf

CA directory

[root@qq bin]# ll /etc/pki/CA/
total 16
drwxr-xr-x. 2 root root 4096 Oct 15  2014 certs     # signed certificates
drwxr-xr-x. 2 root root 4096 Oct 15  2014 crl       # certificate revocation lists
drwxr-xr-x. 2 root root 4096 Oct 15  2014 newcerts      # newly signed certificates
drwx------. 2 root root 4096 Oct 15  2014 private

1. Create the required files

[root@zz ~]# cd /etc/pki/CA/
[root@zz CA]#
[root@zz CA]# touch index.txt       ***
[root@zz CA]# ll
total 16
drwxr-xr-x. 2 root root 4096 May  9 20:32 certs
drwxr-xr-x. 2 root root 4096 May  9 20:32 crl
-rw-r--r--. 1 root root    0 Jul 31 07:15 index.txt
drwxr-xr-x. 2 root root 4096 May  9 20:32 newcerts
drwx------. 2 root root 4096 May  9 20:32 private
[root@zz CA]# echo 01 > serial      ***
[root@zz CA]# ll
total 20
drwxr-xr-x. 2 root root 4096 May  9 20:32 certs
drwxr-xr-x. 2 root root 4096 May  9 20:32 crl
-rw-r--r--. 1 root root    0 Jul 31 07:15 index.txt
drwxr-xr-x. 2 root root 4096 May  9 20:32 newcerts
drwx------. 2 root root 4096 May  9 20:32 private
-rw-r--r--. 1 root root    3 Jul 31 07:15 serial
[root@zz CA]#

2. Generate the private key

[root@zz CA]# (umask 077; openssl genrsa  -out private/cakey.pem 2048 )
Generating RSA private key, 2048 bit long modulus
...+++
.................................+++
e is 65537 (0x10001)
[root@zz CA]#
[root@zz CA]# ll -l private/
total 4
-rw-------. 1 root root 1675 Jul 31 07:24 cakey.pem

3. Generate the self-signed certificate

[root@zz CA]# cd /etc/pki/CA/
[root@zz CA]# ls
certs  crl  index.txt  newcerts  private  serial
[root@zz CA]# ls private/
cakey.pem
[root@zz CA]#
[root@zz CA]# openssl req -new -x509 -key private/cakey.pem -days 7300 -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:MageEdu
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:ca.magedu.com
Email Address []:caadmin@magedu.com
[root@zz CA]# ll
total 24
-rw-r--r--. 1 root root 1424 Jul 31 07:36 cacert.pem
drwxr-xr-x. 2 root root 4096 May  9 20:32 certs
drwxr-xr-x. 2 root root 4096 May  9 20:32 crl
-rw-r--r--. 1 root root    0 Jul 31 07:15 index.txt
drwxr-xr-x. 2 root root 4096 May  9 20:32 newcerts
drwx------. 2 root root 4096 Jul 31 07:24 private
-rw-r--r--. 1 root root    3 Jul 31 07:15 serial
[root@zz CA]# 

Issuing a certificate

1. On the client, create a directory to hold the CA-related files

[root@zz ~]# cd /etc/httpd/
[root@zz httpd]# ls
conf  conf.d  logs  modules  run
[root@zz httpd]#
[root@zz httpd]# mkdir  ssl
[root@zz httpd]# ll
total 12
drwxr-xr-x. 2 root root 4096 Jun 17 13:42 conf
drwxr-xr-x. 2 root root 4096 Jun 14 21:50 conf.d
lrwxrwxrwx. 1 root root   19 Jun 14 21:09 logs -> ../../var/log/httpd
lrwxrwxrwx. 1 root root   29 Jun 14 21:09 modules -> ../../usr/lib64/httpd/modules
lrwxrwxrwx. 1 root root   19 Jun 14 21:09 run -> ../../var/run/httpd
drwxr-xr-x. 2 root root 4096 Jul 31 09:11 ssl
[root@zz httpd]# 

2. On the client, generate the private key file

[root@zz ssl]# (umask 077; openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus
...+++
....+++
e is 65537 (0x10001)
[root@zz ssl]# ll
total 4
-rw-------. 1 root root 1675 Jul 31 09:56 httpd.key
[root@zz ssl]# 

3. Extract the public key from the private key and generate the certificate request

[root@qq tmp]# openssl req -new -key httpd.key -days 365 -out httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:MageEdu
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www.magedu.com
Email Address []:webadmin@magedu.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@zz ssl]# ls
httpd.csr  httpd.key

4. Upload the certificate request to the CA server

[root@qq tmp]# scp httpd.csr root@10.201.106.128:/tmp
root@10.201.106.128's password: 

5. Sign the certificate

[root@zz CA]# openssl ca -in /tmp/httpd.csr -out certs/httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Jul 31 04:49:04 2016 GMT
            Not After : Jul 31 04:49:04 2017 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = Beijing
            organizationName          = MageEdu
            organizationalUnitName    = Ops
            commonName                = www.magedu.com
            emailAddress              = webadmin@magedu.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                A3:AD:F4:55:D9:B5:74:AA:A8:9B:ED:0F:47:36:07:7B:8A:59:98:6D
            X509v3 Authority Key Identifier:
                keyid:0B:9F:56:6A:38:75:94:CD:B2:35:6E:FA:91:00:37:7C:3F:35:E5:39

Certificate is to be certified until Jul 31 04:49:04 2017 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@zz CA]#
[root@zz CA]# ls /tmp/
httpd.crt  httpd.csr
[root@zz CA]# 

6. View the signing record

[root@zz CA]# cat index.txt
V   170731044904Z       01  unknown /C=CN/ST=Beijing/O=MageEdu/OU=Ops/CN=www.magedu.com/emailAddress=webadmin@magedu.com
[root@zz CA]#

Newly generated certificate:

[root@zz CA]# ls newcerts/
01.pem
[root@zz CA]#

Save and rename the certificate:

[root@zz CA]# cp newcerts/01.pem certs/httpd.pem
[root@zz CA]# ls certs/
httpd.pem
[root@zz CA]# 

7. Send the signed certificate back to the client

[root@zz CA]# scp /tmp/httpd.crt root@10.201.106.129:/etc/httpd
root@10.201.106.129's password:
httpd.crt                            100% 4623     4.5KB/s   00:00
[root@zz CA]# 

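Midway through, I ran into a problem using scp: what had been installed earlier interfered with scp.

1. Check the path of the ssh that scp depends on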
[root@qq tmp]# rpm -ql openssh-clients
/etc/ssh/ssh_config
/usr/bin/.ssh.hmac
/usr/bin/scp
/usr/bin/sftp
/usr/bin/slogin
/usr/bin/ssh
/usr/bin/ssh-add
/usr/bin/ssh-agent
/usr/bin/ssh-copy-id
/usr/bin/ssh-keyscan
/usr/libexec/openssh/ssh-pkcs11-helper
/usr/share/man/man1/scp.1.gz
/usr/share/man/man1/sftp.1.gz
/usr/share/man/man1/slogin.1.gz
/usr/share/man/man1/ssh-add.1.gz
/usr/share/man/man1/ssh-agent.1.gz
/usr/share/man/man1/ssh-copy-id.1.gz
/usr/share/man/man1/ssh-keyscan.1.gz
/usr/share/man/man1/ssh.1.gz
/usr/share/man/man5/ssh_config.5.gz

2. Copy the file
[root@qq tmp]# /usr/bin/scp /tmp/httpd.crt root@10.201.106.128:/tmp

8. View the certificate information

[root@qq tmp]# openssl x509 -in httpd.crt -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CN, ST=Beijing, L=Beijing, O=MageEdu, OU=Ops, CN=ca.magedu.com/emailAddress=caadmin@magedu.com
        Validity
            Not Before: Jul 31 04:49:04 2016 GMT
            Not After : Jul 31 04:49:04 2017 GMT
        Subject: C=CN, ST=Beijing, O=MageEdu, OU=Ops, CN=www.magedu.com/emailAddress=webadmin@magedu.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    ……
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                A3:AD:F4:55:D9:B5:74:AA:A8:9B:ED:0F:47:36:07:7B:8A:59:98:6D
            X509v3 Authority Key Identifier:
                keyid:0B:9F:56:6A:38:75:94:CD:B2:35:6E:FA:91:00:37:7C:3F:35:E5:39

    Signature Algorithm: sha1WithRSAEncryption
         ……
[root@qq tmp]#
[root@qq tmp]#
[root@qq tmp]# openssl x509 -in httpd.crt -noout -subject
subject= /C=CN/ST=Beijing/O=MageEdu/OU=Ops/CN=www.magedu.com/emailAddress=webadmin@magedu.com
[root@qq tmp]#
[root@qq tmp]#
[root@qq tmp]#
[root@qq tmp]# openssl x509 -in httpd.crt -noout -serial
serial=01
[root@qq tmp]# 
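
Added example (not from the original post): the CA creation and issuing steps above, run non-interactively in a scratch directory, followed by two checks the walkthrough stops short of: `openssl verify` against the CA certificate and a comparison of the certificate's public key with the private key. It goes slightly beyond the text by also submitting a request whose organization differs from the CA's, which the `policy_match` rules (as in the stock openssl.cnf) refuse. The subjects, `ca.cnf` and the function names are constructed for the example, and signing uses SHA-256 rather than the SHA-1 seen in the output above.

```shell
#!/bin/sh
# Added example, not from the original post: the CA and issuing steps above, run
# non-interactively in a scratch directory. Subjects and ca.cnf are constructed.
make_ca() (    # $1 = empty working directory
    cd "$1" || exit 1
    mkdir -p CA/private CA/newcerts CA/certs
    touch CA/index.txt; echo 01 > CA/serial
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./CA
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_md = sha256
policy = policy_match
x509_extensions = usr_cert
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
commonName = supplied
[ usr_cert ]
basicConstraints = CA:FALSE
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
EOF
    (umask 077; openssl genrsa -out CA/private/cakey.pem 2048 2>/dev/null)
    openssl req -new -x509 -sha256 -config ca.cnf -key CA/private/cakey.pem \
        -days 7300 -out CA/cacert.pem -subj "/C=CN/ST=Beijing/O=ExampleOrg/CN=ca.example.test"
)

issue() (      # $1 = working directory, $2 = short name, $3 = organization in the CSR
    cd "$1" || exit 1
    (umask 077; openssl genrsa -out "$2.key" 2048 2>/dev/null)
    openssl req -new -config ca.cnf -key "$2.key" -out "$2.csr" \
        -subj "/C=CN/ST=Beijing/O=$3/CN=$2.example.test"
    # -batch answers the two y/n prompts; policy_match refuses a differing C, ST or O
    openssl ca -batch -config ca.cnf -in "$2.csr" -out "$2.crt" -days 365 2>/dev/null
)

check() (      # succeeds only if the chain verifies and the key matches the certificate
    cd "$1" || exit 1
    openssl verify -CAfile CA/cacert.pem "$2.crt" >/dev/null 2>&1 || exit 1
    c=$(openssl x509 -in "$2.crt" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$2.key" -pubout | openssl sha256)
    [ "$c" = "$k" ]
)

d=$(mktemp -d)
make_ca "$d" && issue "$d" www ExampleOrg && check "$d" www && echo "www: verified"
issue "$d" other OtherOrg || echo "other: refused by policy_match"
```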

Reprinted from: https://blog.51cto.com/zhongle21/2091437
