openssl생 무료 인증서--직접 실천 유효
2479 단어 https 환경 구축 인증서 신뢰
openssl생 무료 인증서
1. 폴더 만들기 및 인증서 개인 키 만들기
makdir -p /data/cert
cd /data/cert
openssl genrsa -des3 -out server.key 2048
효과는 아래와 같습니다. 비밀번호를 입력하고 확인하면 뒤에 쓸모가 있습니다.Generating RSA private key, 2048 bit long modulus
......................................................................................................................+++
..........+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
2. 인증서 개인 키에 따라 인증서 생성
openssl req -new -key server.key -out server.csr
효과는 아래와 같다. 위의 비밀번호를 기입한 다음에 개인 정보를 기입하면 마음대로 아무렇게나 쓸 수 있다.[root@zjdk cert]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
# CN
Country Name (2 letter code) [XX]:CN
#
State or Province Name (full name) []:beijing
#
Locality Name (eg, city) [Default City]:beijing
#
Organization Name (eg, company) [Default Company Ltd]:xxxx
#
Organizational Unit Name (eg, section) []:xxxx
#
Common Name (eg, your name or your server's hostname) []:crazyk.com.cn
#
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
# ,
A challenge password []:
An optional company name []:
3. 개인 키 백업
cp server.key server.key.org
4. 변환 인증서
#
openssl rsa -in server.key.org -out server.key
효과는 아래와 같다. 이것은 역시 처음 기입한 비밀번호를 입력해야 한다[root@zjdk cert]# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
writing RSA key
5. 인증서에 서명하기
#
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
효과는 다음과 같다.[root@zjdk cert]# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=cn/ST=beijing/L=beijing/O=xx/OU=cre.com/CN=cer.com/emailAddress=code_dking.com
Getting Private key
makdir -p /data/cert
cd /data/cert
openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
......................................................................................................................+++
..........+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
openssl req -new -key server.key -out server.csr
[root@zjdk cert]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
# CN
Country Name (2 letter code) [XX]:CN
#
State or Province Name (full name) []:beijing
#
Locality Name (eg, city) [Default City]:beijing
#
Organization Name (eg, company) [Default Company Ltd]:xxxx
#
Organizational Unit Name (eg, section) []:xxxx
#
Common Name (eg, your name or your server's hostname) []:crazyk.com.cn
#
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
# ,
A challenge password []:
An optional company name []:
cp server.key server.key.org
#
openssl rsa -in server.key.org -out server.key
[root@zjdk cert]# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
writing RSA key
#
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
[root@zjdk cert]# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=cn/ST=beijing/L=beijing/O=xx/OU=cre.com/CN=cer.com/emailAddress=code_dking.com
Getting Private key