Article structure____________________________________________________________
1. Examples
2. Help commands
3. Common commands
1. Examples____________________________________________________________
----------------------------PEM-format certificates-------------
1. CA private key and self-signed certificate
openssl genrsa -out ca-key.pem -aes128 2048
openssl req -new -x509 -key ca-key.pem -out ca-cert.pem -days 1000
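Remember the following three attribute values; they must be kept identical when generating the csr.pem files, because the default policy_match policy of openssl ca rejects a request whose values differ from the CA certificate's:
Country Name, State or Province Name, Organization Name
2. Server private key, certificate request, and certificate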
openssl genrsa -out server-key.pem -aes128 2048
openssl req -new -key server-key.pem -out server-csr.pem
openssl ca -in server-csr.pem -cert ca-cert.pem -keyfile ca-key.pem -out server-cert.pem -days 365
If the following error occurs:
"I am unable to access the ../../CA/newcerts directory ../../CA/newcerts: No such file or directory"
all that is needed is:
# create directory
$ mkdir ../../CA
$ mkdir ../../CA/newcerts
# create empty file :
$ vi ../../CA/index.txt
# create file and input 01 (the content is 01) :
$ vi ../../CA/serial
3. Client private key, certificate request, and certificate
openssl genrsa -out client-key.pem -aes128 2048
openssl req -new -key client-key.pem -out client-csr.pem
openssl ca -in client-csr.pem -cert ca-cert.pem -keyfile ca-key.pem -out client-cert.pem -days 365
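Added example (not part of the original article): a non-interactive version of the CA and certificate steps above that creates the CA database itself, shows the Country/State/Organization matching rule being enforced, and checks the result with openssl verify and a modulus comparison. The demo-ca directory, ca.cnf, the subject values and the function names are assumptions made for this sketch; keys are unencrypted only so that nothing prompts.

```shell
# Added example; demo-ca/, ca.cnf and all subject values are constructed.
# Keys are left unencrypted (no -aes128) only so that nothing prompts.

setup_ca() {   # $1 = working directory; builds the CA database, config and CA
    ( cd "$1" && mkdir -p demo-ca/newcerts && : > demo-ca/index.txt &&
      echo 01 > demo-ca/serial && cat > ca.cnf <<'EOF' &&
[ ca ]
default_ca = demo
[ demo ]
dir = ./demo-ca
new_certs_dir = $dir/newcerts
database = $dir/index.txt
serial = $dir/serial
default_md = sha256
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
      openssl genrsa -out ca-key.pem 2048 2>/dev/null &&
      openssl req -new -x509 -config ca.cnf -key ca-key.pem -out ca-cert.pem \
          -days 1000 -subj "/C=CN/ST=Beijing/O=Example Org/CN=Demo CA" )
}

# policy_match: C, ST and O in the CSR must equal the CA's or signing is refused
issue() {   # $1 = workdir, $2 = file prefix and CN, $3 = Organization Name
    ( cd "$1" && openssl genrsa -out "$2-key.pem" 2048 2>/dev/null &&
      openssl req -new -config ca.cnf -key "$2-key.pem" -out "$2-csr.pem" \
          -subj "/C=CN/ST=Beijing/O=$3/CN=$2" &&
      openssl ca -batch -config ca.cnf -in "$2-csr.pem" -cert ca-cert.pem \
          -keyfile ca-key.pem -out "$2-cert.pem" -days 365 2>/dev/null &&
      openssl verify -CAfile ca-cert.pem "$2-cert.pem" >/dev/null )
}

same_modulus() {   # $1 = certificate, $2 = private key; true if they pair up
    m=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) && [ -n "$m" ] &&
    [ "$m" = "$(openssl rsa -in "$2" -noout -modulus 2>/dev/null)" ]
}

# Usage: w=$(mktemp -d); setup_ca "$w" && issue "$w" server "Example Org" &&
#        same_modulus "$w/server-cert.pem" "$w/server-key.pem" && echo OK
```

Calling issue with an Organization Name other than "Example Org" makes openssl ca refuse to sign, which is the failure the three matching attribute values guard against.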
----------------------------p12-format certificate-------------
openssl pkcs12 -export -in client-cert.pem -inkey client-key.pem -out client-cert.p12
----------------------------JKS-format certificate-------------
keytool -genkeypair -keyalg RSA -alias client -keystore client.jks
# delete the PrivateKeyEntry (this leaves an empty keystore)
keytool -delete -alias client -keystore client.jks
# check keystore
#keytool -list -v -keystore client.jks
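# convert format, otherwise the private key cannot be imported into the JKS
# (-nocrypt leaves client-key.pk8 unencrypted; delete it after the import)
openssl pkcs8 -in client-key.pem -inform pem -out client-key.pk8 -outform der -topk8 -nocrypt
# pkeytool.jar must first be downloaded into the current directory
# import client-key.pk8 and client-cert.pem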
java -jar pkeytool.jar -importkey -keyfile client-key.pk8 -certfile client-cert.pem -alias myclient -keystore client.jks
# import ca-cert
keytool -importcert -v -trustcacerts -file ca-cert.pem -alias myCA -keystore client.jks
2. Help commands____________________________________________________________
openssl --help
openssl x509 --help
3. Common commands____________________________________________________________
1. Generate a plain (unencrypted) private key (1024-bit RSA as shown here is below what is generally accepted today; the examples in section 1 use 2048):
openssl genrsa -out ca-key.pem 1024
2. Generate a key protected by a passphrase:
openssl genrsa -des3 -out ca-key.pem 1024
3. Remove the passphrase from a key:
openssl rsa -in ca-key.pem -out ca-key.pem
4. Generate a certificate from the generated private key:
openssl req -new -x509 -key ca-key.pem -out ca-cert.pem -days 1095
5. Derive the public key from the private key:
openssl rsa -in ca-key.pem -pubout -out pub-key.pem
6. Format conversion (certificate, private key, public key) (PEM, DER):
openssl x509 -in ca-cert.pem -inform PEM -out ca-cert.der -outform DER
openssl rsa -in ca-key.pem -inform PEM -out ca-key.der -outform DER
openssl rsa -pubin -in pub-key.pem -inform PEM -pubout -out pub-key.der -outform DER
7. Combine into a pfx certificate (p12):
openssl pkcs12 -export -in server-cert.pem -out server.p12 -inkey server-key.pem
8. Dump a p12 certificate as text:
openssl pkcs12 -in server.p12 -out server.txt
9. Display on screen (certificate, private key, public key); reading a public key requires -pubin:
openssl x509 -in ca-cert.pem -noout -text -modulus
openssl rsa -in ca-key.pem -noout -text -modulus
openssl rsa -pubin -in pub-key.pem -noout -text -modulus