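Generating certificates with openssl
Error summary
1.
SSL: error:0906406D:PEM routines:PEM_def_callback:problems getting password error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
The private key is passphrase-protected and the server has no way to supply the passphrase. Writing out a copy without the passphrase resolves the error; the resulting file is unprotected, so restrict its permissions to the account that runs the server.
openssl rsa -in original.key -out unencripted.key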
1. Generating an SSL certificate for IIS
1.1 Generate the root certificate and its private key
openssl req -new -x509 -keyout cakey.pem -out cacert.pem -config openssl.cnf
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Zhejiang
Locality Name (eg, city) []:Hangzhou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mintcode
Organizational Unit Name (eg, section) []:Forstmourne
Common Name (e.g. server FQDN or YOUR name) []:115.29.179.22
Email Address []:[email protected]
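1.2 Create the related files (as configured in openssl.cnf)
mkdir demoCA
touch demoCA/index.txt    # the database file that openssl.cnf names (index.txt by default)
touch demoCA/serial
vim demoCA/serial         # set the file's content to the starting serial number:
1000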
1.3 Generate the certificate from the certificate request
openssl ca -in certreq.txt -out server.pem -cert cacert.pem -keyfile cakey.pem
Enter pass phrase for cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 4097 (0x1001)
Validity
Not Before: Jul 24 02:07:43 2015 GMT
Not After : Jul 23 02:07:43 2016 GMT
Subject:
countryName = CN
stateOrProvinceName = Zhejiang
organizationName = Mintcode
organizationalUnitName = Forstmourne
commonName = 115.29.179.22
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
A3:72:4C:6D:5D:F9:64:C9:02:13:11:13:CF:C3:34:C1:DE:0B:BF:57
X509v3 Authority Key Identifier:
keyid:81:40:30:DB:57:2C:D0:E8:9B:B1:51:D7:D5:71:F1:6C:16:E8:5A:DB
Certificate is to be certified until Jul 23 02:07:43 2016 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
1.4 Generate the certificate required by IIS
openssl x509 -in server.pem -out server.cer
1.5 Generate the keystore required by Java
keytool -import -file server.cer -keystore server.keystore
2. Generating an SSL certificate with openssl
2.1 Generate the root certificate and its private key
openssl req -new -x509 -days 365000 -keyout cakey.key -out cacert.crt -config openssl.cnf
Generating a 2048 bit RSA private key
.....................................+++
..............+++
writing new private key to 'cakey.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Zhejiang
Locality Name (eg, city) []:Hangzhou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mintcode
Organizational Unit Name (eg, section) []:Forstmourne
Common Name (e.g. server FQDN or YOUR name) []:bell
Email Address []:[email protected]
2.2 Generate the private key and request for the SSL certificate
openssl req -new -keyout server.key -out server.csr
Generating a 2048 bit RSA private key
..............................................................................+++
.......+++
writing new private key to 'server.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Zhejiang
Locality Name (eg, city) []:Hangzhou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mintcode
Organizational Unit Name (eg, section) []:Forstmourne
Common Name (e.g. server FQDN or YOUR name) []:bell
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:mintcode
An optional company name []:mintcode
2.3 Preparation
mkdir demoCA
cd demoCA
mkdir newcerts
touch index.txt
echo '01' > serial
cd ..
2.4 Self-signing
openssl ca -in server.csr -out server.crt -cert cacert.crt -keyfile cakey.key -config openssl.cnf
2.5 Generate the keystore required by Java
keytool -import -file server.crt -keystore server.keystore
2.6 Convert crt to pem
openssl x509 -in server.crt -out server.pem -outform PEM
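Added example (not from the original page): steps 2.1 to 2.6 run without prompts in a scratch directory, followed by the checks worth making before deploying the result: the certificate chains to the CA, it matches the private key, and the key is still passphrase-protected (the condition behind the error in the summary above). The minimal ca.cnf, the subject names and the passphrase are constructed for the demo.

```sh
# Added example: constructed names, passphrase and ca.cnf; not the page's own script.
PASS='pass:demo-pass'   # assumption: throwaway demo passphrase, never hard-code a real one

issue_demo_cert() {     # $1 = scratch directory; steps 2.1-2.6 without prompts
    ( cd "$1" || exit 1
      mkdir -p demoCA/newcerts && : > demoCA/index.txt && echo 01 > demoCA/serial || exit 1
      cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./demoCA
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
default_md = sha256
default_days = 365
policy = policy_cn
[ policy_cn ]
commonName = supplied
EOF
      openssl req -new -x509 -newkey rsa:2048 -days 3650 -config ca.cnf -extensions v3_ca \
          -subj '/CN=Demo Root CA' -passout "$PASS" -keyout cakey.key -out cacert.crt &&
      openssl req -new -newkey rsa:2048 -config ca.cnf -subj '/CN=server.example.test' \
          -passout "$PASS" -keyout server.key -out server.csr &&
      openssl ca -batch -config ca.cnf -passin "$PASS" -in server.csr -out server.crt \
          -cert cacert.crt -keyfile cakey.key &&
      openssl x509 -in server.crt -out server.pem -outform PEM
    ) >/dev/null 2>&1
}

chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }  # $1 = CA cert, $2 = server cert

key_matches_cert() {    # $1 = private key, $2 = certificate: same public key in both?
    k=$(openssl pkey -in "$1" -passin "$PASS" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }  # encrypted PEM key: cause of "bad password read"

dir=$(mktemp -d) && issue_demo_cert "$dir" && chain_ok "$dir/cacert.crt" "$dir/server.pem" &&
    key_matches_cert "$dir/server.key" "$dir/server.pem" && key_is_encrypted "$dir/server.key" &&
    echo "chain verified, key matches certificate, key is passphrase-protected"
rm -rf "$dir"
```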
This text may be freely shared or copied, provided the URL of this document is kept as the reference URL.
Licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.