中小型企业证书认证服务器的搭建详解
- openssl speed:测试openssl对各种加密算法的速度
- openssl enc:
- -e:加密
- -d:解密
- -k:指定加密密钥
- -a:基于base64机制处理
- openssl enc -des3(指定加密算法) -salt -a -in(对哪个文件) inittab(文件) -out(放到哪个文件中) inittab.des3
- openssl提取特征码:
- openssl dgst -sha1 passwd 使用sha1方式
- openssl dgst -md5 passwd 使用md5方式
- openssl passwd:
- openssl passwd -1(指定md5格式)
- -salt(指定杂质)
- openssl passwd -1 -salt 1234567
- openssl rand -base64 长度 用来生成随机数
- [root@www CA]# mkdir crl newcerts certs
- [root@www CA]# touch serial
- [root@www CA]# touch index.txt
- [root@www CA]# ls
- cacert.pem crl index.txt.attr newcerts serial certs index.txt private
- [root@www private]# cat cakey.pem
- -----BEGIN RSA PRIVATE KEY-----
- MIIEowIBAAKCAQEA0SBIoqQIrTCIaAUUta9mhEz/CSotVj214Iv8xgiLl8Z0ElU+
- mgipTVhCS6e9KV3IaKymUoAxKbW1zntCe7OBVMOPoPEAip1qTxohkIIF9K+8lC94
- rbLJPORVMDd8l2MeqoK9gSt57aWbxJspG50T8egxjK5gL5gLRdSUqcmpsuWkdZP8
- znR/AhEH+zpT6bmg1ds99yl5Yg42hFeiulUwddlZmVvneZVDduuovOmGX2dtwqQM
- rympbdRt2FzP6LWdQBykVstw1SVN0p6cnbxTPTCZTRFD0AgRoMPSsYxh2cpYC5Gs
- bydXiToi50VLy8M/AGz1eOE+xgquD5jVpcr2OQIDAQABAoIBAF7SmJzGa/i7jN49
- j4piIcXTc8CgEzaLfLB4SQEyVrlXDsJRTLVjQAEGB+luAWOEVp6/yhqWbbRP5EPf
- t+GHHxlkIvgCzxALGG0NmDKCAllUZdl7POjlrEGj9syKHEA4fWsrJOow4HRVJzAa
- eqU+sBB8DBuR5aMu+c2L+mySOBQZInJoMZTwoXMHquV1UUJuFwSzuRTe6z5lLxnH
- 50qAYFxReepSPq+cdRM3f8mJwaxU4xmx3vIF98Je1o+fg7bZJEUYTHI44TylqLnn
- 3PLzR/gqgdcMUilM+2iMwORKpXYT722m0ZoJicRISW9jmrZYrskBzN2n/+ANBIg6
- upjfJkECgYEA7ivEThNhFcb06iDrKdjtCUc1s8gqSZ+O7Aw+Avd1vtBxIxNL6ISt
- tyNxuy86yOraBrlZpt8uvRNXiLnKykmsEHRTm+I6f0yAcUtDtcciShUiBUb3IGt4
- SinR9TGqAxJaqzxQGEKiS3W736kV+9uTYyTpvrVADwmCzAbXjz3pLv0CgYEA4Mfp
- FE7I7GMJ8JkBrQObVjt43WX1tY4LzdZ+Tj5g8+WxWfMo+G2FMdaOMuCLZC/jChOe
- v8mHQvtbbT92HYzep8sFs/kntWxT53TGvEp8uFGyfCoX/ciSFPNyHHuL3JWqI9G3
- yBAHcZzdocSr5l8vthNDWCAuN1oA1LjZgpwtLu0CgYAfqDOciRjjcyGEqUF4u3uu
- OwfZUKbGSG4P1AS+EjRVW5FeLydszY3lhNGOJtXydLzsHeDbvFiTCyocY02gG7DC
- MyQV2TkbSIjeBjoGxGQ7Ypm2B9u7NG21td9RbvuBEwR4NDkVMG4wB4MkVG42ntX1
- XKexEJhmJ0Z6ZgJq6LjA5QKBgEdWSpt+UXfsCpiIBqchEOhyIW6qUCuZdBeUbito
- 0p41FG8Go8cMAwyJGkH9T1+xbu2gwm39iGbynNZ0IIlKTtOTtDCk7zw9r/cx8WyK
- e0CH9QxA07JgODRb+qgdcYrFGOUbRqdApwwgi5oub5vCM8MmI+ZQ+Dnq336jV6yC
- 4jgVAoGBAKDdoyPEUHyszUVf9MWNAQCeJNiH3Wpj6dY+e66bpkShrQ7JFRpw+fXt
- icy4xC6lhd4tD9M9ODCC/n9906ySurij9lOCO0X00coSlE9/44lrRwz9hD5KTYKJ
- zeGNRLJixgIFnMzbanzmvr4+zgJz9G1RW9BtDm1Pmdo+TrZDg2kK
- -----END RSA PRIVATE KEY-----
- [root@www CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem
- You are about to be asked to enter information that will be incorporated
- into your certificate request.
- What you are about to enter is what is called a Distinguished Name or a DN.
- There are quite a few fields but you can leave some blank
- For some fields there will be a default value,
- If you enter '.', the field will be left blank.
- -----
- Country Name (2 letter code) [GB]:CN #国家
- State or Province Name (full name) [Berkshire]:Henan #省份
- Locality Name (eg, city) [Newbury]:zhengzhou #城市
- Organization Name (eg, company) [My Company Ltd]:wangej #公司
- Organizational Unit Name (eg, section) []:jishubu #部门
- Common Name (eg, your name or your server's hostname) []:ca.wangej.com #服务器的主机名
- Email Address []:caadmin@wangej.com #管理员邮箱
- [root@www CA]# openssl x509 -text -in cacert.pem
- Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- b5:4a:6d:18:6c:ac:eb:b5
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=CN, ST=Henan, L=Zhengzhou, O=Wangej, OU=jishubu, CN=ca.wangej.com/emailAddress=caadmin@wangej.com
- Validity
- Not Before: Apr 7 06:26:56 2013 GMT
- Not After : May 7 06:26:56 2013 GMT
- Subject: C=CN, ST=Henan, L=Zhengzhou, O=Wangej, OU=jishubu, CN=ca.wangej.com/emailAddress=caadmin@wangej.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:d1:20:48:a2:a4:08:ad:30:88:68:05:14:b5:af:
- 66:84:4c:ff:09:2a:2d:56:3d:b5:e0:8b:fc:c6:08:
- 8b:97:c6:74:12:55:3e:9a:08:a9:4d:58:42:4b:a7:
- bd:29:5d:c8:68:ac:a6:52:80:31:29:b5:b5:ce:7b:
- 42:7b:b3:81:54:c3:8f:a0:f1:00:8a:9d:6a:4f:1a:
- 21:90:82:05:f4:af:bc:94:2f:78:ad:b2:c9:3c:e4:
- 55:30:37:7c:97:63:1e:aa:82:bd:81:2b:79:ed:a5:
- 9b:c4:9b:29:1b:9d:13:f1:e8:31:8c:ae:60:2f:98:
- 0b:45:d4:94:a9:c9:a9:b2:e5:a4:75:93:fc:ce:74:
- 7f:02:11:07:fb:3a:53:e9:b9:a0:d5:db:3d:f7:29:
- 79:62:0e:36:84:57:a2:ba:55:30:75:d9:59:99:5b:
- e7:79:95:43:76:eb:a8:bc:e9:86:5f:67:6d:c2:a4:
- 0c:af:29:a9:6d:d4:6d:d8:5c:cf:e8:b5:9d:40:1c:
- a4:56:cb:70:d5:25:4d:d2:9e:9c:9d:bc:53:3d:30:
- 99:4d:11:43:d0:08:11:a0:c3:d2:b1:8c:61:d9:ca:
- 58:0b:91:ac:6f:27:57:89:3a:22:e7:45:4b:cb:c3:
- 3f:00:6c:f5:78:e1:3e:c6:0a:ae:0f:98:d5:a5:ca:
- f6:39
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- 9A:78:03:D5:26:0E:2D:11:6D:FD:57:22:6E:09:E4:62:DA:37:19:9A
- X509v3 Authority Key Identifier:
- keyid:9A:78:03:D5:26:0E:2D:11:6D:FD:57:22:6E:09:E4:62:DA:37:19:9A
- DirName:/C=CN/ST=Henan/L=Zhengzhou/O=Wangej/OU=jishubu/CN=ca.wangej.com/emailAddress=caadmin@wangej.com
- serial:B5:4A:6D:18:6C:AC:EB:B5
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- a6:57:5d:59:76:60:27:88:3b:14:3a:91:43:7a:f3:c7:50:d9:
- ba:0e:9f:83:b5:c9:4e:a3:fa:85:72:3c:73:d5:2e:e1:cd:fd:
- 6c:ed:41:db:3e:52:00:4a:0a:dc:bc:a2:7a:c1:25:7b:39:ad:
- 94:4a:8b:c6:15:1b:df:1c:1d:c7:1c:e3:96:c5:75:f8:9c:9c:
- 49:0b:fb:00:76:16:77:e9:f6:7d:87:53:46:e8:af:7f:c1:6d:
- 8e:9d:28:bc:57:ec:35:af:29:fc:51:a8:81:50:6f:a7:b8:e6:
- f1:d7:23:ad:98:8f:e0:28:a0:b5:d8:5d:2b:5a:94:a3:1b:74:
- ee:8e:30:42:05:f4:1c:89:d8:f9:fd:64:c4:98:f5:1c:88:39:
- b6:c4:2c:a7:2f:9f:59:5d:29:4d:6b:0a:1b:cc:a2:dd:6d:82:
- 2a:cf:dd:23:fa:5b:b2:e5:0b:07:fc:c7:25:ea:8d:40:16:3c:
- 8d:15:f7:6a:bb:3e:08:d3:3c:3d:b8:f4:fc:36:42:11:80:ad:
- 79:29:bf:70:90:e6:e9:a9:75:f6:2b:dc:cc:e4:18:5b:fc:79:
- 5d:74:17:39:6c:a8:ac:8d:2a:9f:b4:ac:cc:30:a7:fd:10:63:
- b2:78:f0:24:f7:8b:71:02:55:87:ad:ed:ee:23:e0:60:31:03:
- 81:31:e8:7e
- -----BEGIN CERTIFICATE-----
- MIIEmzCCA4OgAwIBAgIJALVKbRhsrOu1MA0GCSqGSIb3DQEBBQUAMIGPMQswCQYD
- VQQGEwJDTjEOMAwGA1UECBMFSGVuYW4xEjAQBgNVBAcTCVpoZW5nemhvdTEPMA0G
- A1UEChMGV2FuZ2VqMRAwDgYDVQQLEwdqaXNodWJ1MRYwFAYDVQQDEw1jYS53YW5n
- ZWouY29tMSEwHwYJKoZIhvcNAQkBFhJjYWFkbWluQHdhbmdlai5jb20wHhcNMTMw
- NDA3MDYyNjU2WhcNMTMwNTA3MDYyNjU2WjCBjzELMAkGA1UEBhMCQ04xDjAMBgNV
- BAgTBUhlbmFuMRIwEAYDVQQHEwlaaGVuZ3pob3UxDzANBgNVBAoTBldhbmdlajEQ
- MA4GA1UECxMHamlzaHVidTEWMBQGA1UEAxMNY2Eud2FuZ2VqLmNvbTEhMB8GCSqG
- SIb3DQEJARYSY2FhZG1pbkB3YW5nZWouY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
- AQ8AMIIBCgKCAQEA0SBIoqQIrTCIaAUUta9mhEz/CSotVj214Iv8xgiLl8Z0ElU+
- mgipTVhCS6e9KV3IaKymUoAxKbW1zntCe7OBVMOPoPEAip1qTxohkIIF9K+8lC94
- rbLJPORVMDd8l2MeqoK9gSt57aWbxJspG50T8egxjK5gL5gLRdSUqcmpsuWkdZP8
- znR/AhEH+zpT6bmg1ds99yl5Yg42hFeiulUwddlZmVvneZVDduuovOmGX2dtwqQM
- rympbdRt2FzP6LWdQBykVstw1SVN0p6cnbxTPTCZTRFD0AgRoMPSsYxh2cpYC5Gs
- bydXiToi50VLy8M/AGz1eOE+xgquD5jVpcr2OQIDAQABo4H3MIH0MB0GA1UdDgQW
- BBSaeAPVJg4tEW39VyJuCeRi2jcZmjCBxAYDVR0jBIG8MIG5gBSaeAPVJg4tEW39
- VyJuCeRi2jcZmqGBlaSBkjCBjzELMAkGA1UEBhMCQ04xDjAMBgNVBAgTBUhlbmFu
- MRIwEAYDVQQHEwlaaGVuZ3pob3UxDzANBgNVBAoTBldhbmdlajEQMA4GA1UECxMH
- amlzaHVidTEWMBQGA1UEAxMNY2Eud2FuZ2VqLmNvbTEhMB8GCSqGSIb3DQEJARYS
- Y2FhZG1pbkB3YW5nZWouY29tggkAtUptGGys67UwDAYDVR0TBAUwAwEB/zANBgkq
- hkiG9w0BAQUFAAOCAQEAplddWXZgJ4g7FDqRQ3rzx1DZug6fg7XJTqP6hXI8c9Uu
- 4c39bO1B2z5SAEoK3LyiesElezmtlEqLxhUb3xwdxxzjlsV1+JycSQv7AHYWd+n2
- fYdTRuivf8Ftjp0ovFfsNa8p/FGogVBvp7jm8dcjrZiP4CigtdhdK1qUoxt07o4w
- QgX0HInY+f1kxJj1HIg5tsQspy+fWV0pTWsKG8yi3W2CKs/dI/pbsuULB/zHJeqN
- QBY8jRX3ars+CNM8Pbj0/DZCEYCteSm/cJDm6al19ivczOQYW/x5XXQXOWyorI0q
- n7SszDCn/RBjsnjwJPeLcQJVh63t7iPgYDEDgTHofg==
- -----END CERTIFICATE-----
- [root@www ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
- Using configuration from /etc/pki/tls/openssl.cnf
- Check that the request matches the signature
- Signature ok
- Certificate Details:
- Serial Number: 1 (0x1)
- Validity
- Not Before: Apr 7 06:41:12 2013 GMT
- Not After : Apr 7 06:41:12 2014 GMT
- Subject:
- countryName = CN
- stateOrProvinceName = Henan
- organizationName = Wangej
- organizationalUnitName = jishubu
- commonName = www.wangej.com
- emailAddress = wwwadmin@wangej.com
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 17:C6:85:DB:34:DC:AE:21:79:CA:22:90:C9:E2:14:7B:C3:3B:02:7D
- X509v3 Authority Key Identifier:
- keyid:9A:78:03:D5:26:0E:2D:11:6D:FD:57:22:6E:09:E4:62:DA:37:19:9A
- Certificate is to be certified until Apr 7 06:41:12 2014 GMT (365 days)
- Sign the certificate? [y/n]:y
- 1 out of 1 certificate requests certified, commit? [y/n]y
- Write out database with 1 new entries
- Data Base Updated
转载于:https://blog.51cto.com/yhwhzhang/1173083
中小型企业证书认证服务器的搭建详解相关推荐
- Linux的企业-Codis 3集群搭建详解
Codis 3集群搭建详解 Codis 3介绍 对于Redis集群方案有好多种,基本常用的就是twemproxy,codis.redis cluster这三种解决方案,本人有幸工作中都大量使用过,各有 ...
- linux ftp 团队认证,linux下ftp和ftps以及ftp基于mysql虚拟用户认证服务器的搭建
linux下ftp和ftps以及ftp基于mysql虚拟用户认证服务器的搭建 1.FTP协议:有命令和数据连接两种 命令连接,控制连接:21/tcp 数据连接: 主动模式,运行在20/tcp端口 和 ...
- linux ftp mysql_linux下ftp和ftps以及ftp基于mysql虚拟用户认证服务器的搭建
命令连接,控制连接:21/tcp 数据连接: 主动模式,运行在20/tcp端口 和 被动模式,运行在随机端口 数据传输模式(自动模式):有二进制(mp3,jpg等)和文本(html)两种传输模式 ft ...
- FTP(文件传输协议)及实验搭建详解(本地认证,虚拟用户,加密传输,限制登陆)
文章目录 FTP传输协议及实验搭建详解 一.引子 二.FTP的原理和基本概念 三.FTP服务器实验构建(基础测试,本地认证,虚拟用户,加密传输,限制登陆) FTP传输协议及实验搭建详解 一.引子 终于 ...
- DHCP原理及服务器搭建详解(固定IP地址,DHCP中继服务)
DHCP原理及服务器搭建详解 一.引子: DHCP在网络中的作用非常重要,简单来说就像给每台服务器配身份证的机构,你有合格的身份才能做合格的事情,要不然连火车都坐不了.服务器只有被DHCP服务配置了I ...
- 【ssl认证、证书】openssl genrsa 命令详解
文章目录 一.openssl genrsa 命令介绍 二.openssl genrsa 命令的语法及选项 三.实例 1.生成512位的 RSA 秘钥,输出到屏幕. 2.生成512位 RSA 私钥,输出 ...
- OpenStack Queens版搭建详解
目录 OpenStack Queens版搭建详解 1.基础环境配置 1.2 节点网络规划 1.3 关闭防火墙 1.4 配置yum源 1.5 配置节点IP 1.6 配置主机名 1.7 配置主机名解析(h ...
- 华为服务器bios系统,华为服务器bios配置详解
华为服务器bios配置详解 内容精选 换一换 当您想在Internet上通过域名访问您的网站时,可以通过本操作将域名托管至华为云的云解析服务,并为域名添加解析记录.例如,搭建一个网站服务器,采用IPv ...
- DAMP环境搭建详解 DAMP----Debian Apache2 Mysql PHP5
DAMP环境搭建详解 DAMP----Debian Apache2 Mysql PHP5 1. 更新Debian apt-get update apt-get updgrade 2. 安装Samba服 ...
最新文章
- 时间复杂度与空间复杂度分析
- 计算机学院志愿公益活动,计算机学院开展学雷锋主题公益活动
- python3(六)监督学习
- xmind-HTTP协议
- 开发之前需要哪些文档_为什么在开发之前总是应该做文档
- C语言课后习题(54)
- 室内温湿度监测系统解决方案
- vm linux数据恢复,VMWARE虚拟机数据恢复
- QT_Astyle 代码管理工具
- 程序员面向软件开发时,如何成功?
- Android 系统开发系列四
- 安卓手机管理软件_日程管理软件哪个好?
- 云网络被广泛应用 企业SaaS选型面临五大安全问题
- mysql 局部变量集合_mysql全局变量和局部变量
- zdc找不到xenapp服务器,Citrix XenApp 客户端访问服务器的通讯流程
- 通信电子电路实验(一)—— 高频小信号调谐放大器电路设计
- python实现wgs84坐标系和ECEF坐标系的互换
- JUCE框架教程(6)——通过AudioProcessorValuetTeeState链接数据和UI
- FYI | 谷歌的summer project围观一下
- Invenio 数字图书馆框架
热门文章
- 生产可运维的云原生本地存储系统 HwameiStor 入选 CNCF 全景图
- 计算机网络实验之IPV4划分子网 - -划分子网
- 方差公式初三_九年级数学方差与标准差
- Linux系统CentOS镜像文件下载地址(如:CentOS-6.5-x86_64-bin-DVD1.iso)
- Clumsy-Windows下网络环境模拟工具
- 智能家居网络系统设计(二)
- idea安装proto插件后不能识别.proto文件解决方案
- Where’s My Water 测评,谁会知道鳄鱼喜欢洗澡呢?
- 修改密码 passwd
- random.shuffle和numpy.random.shuffle用法一样吗?