zoukankan      html  css  js  c++  java

  • 怎样获取自己的SSL证书

    原创文章,转载请注明出处:server非业余研究http://blog.csdn.net/erlib 作者Sunface


    假设仅为了測试,那使用以下方法就可以:

    測试证书创建:

    1.创建证书的key

    1. $ openssl genrsa -out key.pem 1024


    2.创建证书,注意这里的common name应该填你的server name

    1. $ openssl req -new -key key.pem -out request.pem

    3.    Country Name (2 letter code) [AU]:UA
    4.    State or Province Name (full name) [Some-State]:
    5.    Locality Name (eg, city) []:Kiev
    6.    Organization Name (eg, company) [Internet Widgits Pty Ltd]:site4fast blog
    7.    Organizational Unit Name (eg, section) []:.
    8.    Common Name (eg, YOUR name) []:site4fast.example.net
    9.    Email Address []:site4fast@example.net

    11.    Please enter the following 'extra' attributes
    12.    to be sent with your certificate request
    13.    A challenge password []:
    14.    An optional company name []:


    3.证书签字

    1. $ openssl x509 -req -days 30 -in request.pem -signkey key.pem -out certificate.pem


    4.至此,我们须要的測试证书已经创建好了:"self-signed certificate".



    正式的证书创建步骤:

    1.安装CA证书

    1. $ aptitude install ssl-cert ca-certificates

    2.在startssl.com注冊

    3.创建一个请求

    1. $ openssl req -new -newkey rsa:2048 -nodes -keyout www_privatekey.pem -out www_csr.pem


    1. Generating a 2048 bit RSA private key
    2.  ..................................++++++
    3.  ....................++++++
    4.  writing new private key to 'www_privatekey.pem'
    5.  -----
    6.  You are about to be asked to enter information that will be incorporated
    7.  into your certificate request.
    8.  What you are about to enter is what is called a Distinguished Name or a DN.
    9.  There are quite a few fields but you can leave some blank
    10.  For some fields there will be a default value,
    11.  If you enter '.', the field will be left blank.
    12.  -----
    13.  Country Name (2 letter code) [AU]:UA
    14.  State or Province Name (full name) [Some-State]:Some state
    15.  Locality Name (eg, city) []:Some City
    16.  Organization Name (eg, company) [Internet Widgits Pty Ltd]:Some Organisation
    17.  Organizational Unit Name (eg, section) []:IT
    18.  Common Name (eg, YOUR name) []:www.example.org
    19.  Email Address []:test@example.org
    20.  
    21.  Please enter the following 'extra' attributes
    22.  to be sent with your certificate request
    23.  A challenge password []:
    24.  An optional company name []:

    4.在发送之前验证请求的内容

    1. $ openssl req -in www_csr.pem -text -verify -noout

    5.将请求发送给startssl.com,从站点请求一个新的证书。当须要CSR的时候将'www_csr.pem'填进去


    6.从网页上复制证书。然后放入'www_certificate.pem'文件,然后检查文件的内容:

    1. $ openssl x509 -in www_certificate.pem -text -noout

    7.測试server证书

    1. $ openssl verify www_certificate.pem

    假设都正确。那就会看到OK的提示

    1. www_certificate.pem: OK
  • 相关阅读:
    nginx 优化
    linux 内核的优化
    Linux下如何查看版本
    oracle安装数据库中文乱码解决办法
    Python 5 行代码的神奇操作
    Python爬取网站上面的数据很简单,但是如何爬取APP上面的数据呢
    解放双手!用 Python 控制你的鼠标和键盘
    js混淆、eval解密
    ubuntu
    爬虫基本原理
  • 原文地址:https://www.cnblogs.com/lcchuguo/p/5124073.html
Copyright © 2011-2022 走看看