zoukankan      html  css  js  c++  java
  • 自签名证书

    因nginx上的证书不对,导致ie浏览器即使在导入根证书的情况下还是弹出证书中的域名和请求域名不符的问题,经查是common name需要指定的为域名,如*.test.com。

    http://www.haiyun.me/archives/openssl-ca-cert.html

     
    mkdir -p /etc/pki/demoCA

    2.生成根证书及私钥:

    cd /etc/pki/demoCA
    mkdir private crl certs newcerts #新建证书存放目录
    echo '00' > serial #新建serial文件并写入初始序列号00
    touch index.txt #新建index.txt空文件
    openssl genrsa -out private/cakey.pem 1024 #生成CA根证书私钥
    openssl req -new -x509 -key private/cakey.pem  -out cacert.pem #生成CA根证书
     

    3.生成服务器证书私钥、证书,可用于https服务器等。

    openssl genrsa -out private/server.key 1024
    openssl req -new -key private/server.key -out crl/server.csr #生成证书请求文件,可提供认证CA签核,或自签名。
    cd ..
    openssl ca -in demoCA/crl/server.csr -out demoCA/certs/server.crt #自签名证书

    http://www.rackspace.com/knowledge_center/article/generate-a-csr-with-openssl

    DN Field Explanation Example
    Common Name The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL https://www.yourdomain.com, then your CSR's common name must be www.yourdomain.com. If you plan on getting a wildcard certificate make sure to prefix your domain with an asterisk, example: *.domain.com.
    Organization The exact legal name of your organization. Do not abbreviate your organization name. domain.com
    Organization Unit Section of the organization IT
    City or Locality The city where your organization is legally located. Wellesley Hills
    State or Province The state or province where your organization is legally located. Can not be abbreviated. Massachusetts
    Country The two-letter ISO abbreviation for your country. US
  • 相关阅读:
    总结jQuery选择器
    Responsive布局技巧
    学习资料
    大公司开源项目【转载】
    针对css3特性浏览器兼容 封装less
    手把手教你nginx/linux下如何增加网站
    又一枚神器:nginx
    http://www.howtocn.org/nginx
    nginx修改内核参数
    Nginx
  • 原文地址:https://www.cnblogs.com/jvava/p/4366169.html
Copyright © 2011-2022 走看看