Linux:openssl创建CA及颁发证书
2024-05-19 18:50:33
openssl
对称加密:
工具:openssl enc, gpg
算法:3des, aes, blowfish, twofish
帮助:man enc
1、 加密:enc对称算法加密 -e加密 -des3算法加密 -a base64编码 -salt加盐打乱顺序 -in加入文件 -out输出文件
[root@centos7 data]#openssl enc -e -des3 -a -salt -in fstab -out fstab.cip
enter des-ede3-cbc encryption password:
Verifying - enter des-ede3-cbc encryption password:
[root@centos7 data]#ll
total 8
-rw-r--r-- 1 root root 784 Sep 13 14:10 fstab
-rw-r--r-- 1 root root 1097 Sep 13 14:14 fstab.cip
[root@centos7 data]#cat fstab.cip
U2FsdGVkX19iCjTL+B6er1QDvT3mnnJHqanodUGbdxtArBfHcJ6Ea8LeDPiZEUa/
nkxw614tKAkMMs0HSihFV2goBu9rWkuLA9GUO51aZ+XIH6QTSNDi6ILZdYEdSC7p
wKSGfJsz2rQOMwcCMSKg9Dfl9jTnm5LG2Kw0DKkdZDNOQW9ycnmBSVgKq+tbFC4V
+1rOAmctrBKwbj4QUqDGqRekfmyIeV7SAXUaOcl3JEPoSbSTeq3DAg8PQGHETyRf
CwamvfBmcdRTS5kMST04smu5cF56ib9c06xEtFfCm5g51nEDHW0hBewV5wy5vTpv
TQPpmI0iiR0tYJlI1fKfIe2XkdF/EX2dru41quGchpQkqlVTVQffjquteU6TFYUV
D5sz+IUzF4A7ObNdJzeYui4X0dT890V1fY6duby3iezxPngB+zIKW5JwK1AGsL4M
pUYdU+6IEcRNKowYtCSEQzzNDIJsNh1gSEmp54ScHuxJ1BFxBvQwV9Uj2YZ28vZw
8Z/IszEZvtIBALaZ0bAfoYeHMCMdEk1nklKwrA0RFqoGYCpXPzf2YgwFYPAQuVr7
l+DXqMs5R3xUheo65xD8sePmQmpJGvPWSTEd3tgrxa4UBGAkjGn9+B1EaFSJ9fM9
dyIYJlA4L5DJQmB/NfgexJQUhJcQTWajxkB0p4mkj7mYb1dqXfvYZyxWrM8Xadoq
T+2yhfErBTetC2S4GAM0WWIjMy2kRrcxmdUty2UcsviCPN6GiEoMslbNCWODa6Bz
dib716UiWEpAR6NuCGv5ERcJ/zkzbIJuQyR8YTG3M7oeqfPy9xkqgYVuVSkb2ofr
NHfGYG7lYM68UhhNkCS0RsGbwWM0hz6Mt2IodYBDn7eD2nY5qGIoezrY//ftjZpf
jX44r67o/w2OfMi4+3aKa9e6ANWgPNBhFezSIkVUi7kJ3CyXsy2XmEVRIdpSPV6v
Kjcu6+EM3H7lKGjAChOzHjMCAiRr/6ijsuKZ4YvtEDZXydIb5XEG3VSITYtD7Hue
A+DpCGPNWwHgnXoSbHilwOgE8N9Dxx55t437bcaSZL6JH3z8n4FLQQ==
可以转化成二进制,fstab.cip2文件才算真正的加密。更安全
[root@centos7 data]#base64 -d fstab.cip > fstab.cip2
[root@centos7 data]#cat fstab.cip2
Salted__b
4=AF 2EWh(;HH.|31"4NAorry
.g->Ry^9z@aqI=8^zm!M阍"}SUߎ3]'7Eu}>x[FSM*`HIq#نv#Mg
W?7`|TBjI$DhTw"&P8/5fj]V74Yb#3-eކVkXJ@G|a1*)w`μRM4b(u:~8
ՠ<,~$kqcxyƒdA[root@centos7 data]#
2、 解密:enc对称算法加密 -d解密 -des3算法加密 -a base64编码 -salt加盐打乱顺序 -in加入文件 -out输出文件
[root@centos7 data]#openssl enc -d -des3 -a -salt -in fstab.cip -out fstab2
enter des-ede3-cbc decryption password:
[root@centos7 data]#cat fstab2#
# /etc/fstab
# Created by anaconda on Wed Jul 18 17:14:35 2018
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=bad06bd2-9f82-4954-b5ad-ea296b82e6df / xfs defaults 0 0
UUID=b0976649-edba-4e94-9c0d-83c2c842ef73 /boot xfs defaults 0 0
UUID=720807ea-75ce-4a96-b9fd-238743f9ec79 /data xfs defaults 0 0
UUID=37083a64-0f7e-426d-bb18-983ad222b2ad swap swap defaults 0 0
UUID=0ce32dee-2a6c-4208-90b6-25db048a609d /home xfs defaults 0 0
UUID=1126bba2-239e-4b19-82e4-e96b47e21d93 swap swap defaults 0 0
单向加密:
工具:openssl dgst
算法:md5sum, sha1sum, sha224sum,sha256sum…
帮助:man dgst
[root@centos7 data]#openssl dgst -md5 fstab
MD5(fstab)= aa204eeffac45ec9019b0738be8cf95c
[root@centos7 data]#md5sum fstab
aa204eeffac45ec9019b0738be8cf95c fstab
生成用户密码
工具:openssl passwd
帮助:man sslpasswd
利用盐随机生成加密口令:-1通过md5算法 -salt固定盐为11111111
[root@centos7 data]#openssl passwd -1
Password:
Verifying - Password:
$1$3m.Wzvbk$5Nw56eshcwjQNQm43uog90
[root@centos7 data]#openssl passwd -1 -salt 11111111
Password:
$1$11111111$/GA3uQqOZi/rI1U4SK.kb0
生成随机数
工具:openssl rand
帮助:man sslrand
-hex10 利用16位生成(16位是4个2进制表示的)
-base64 是利用base64生成(base64是6个2进制表示的,所以不能被6整除的最后转化成=)
[root@centos7 data]#openssl rand -base64 12
98/N1kFs+76V8Ulh
[root@centos7 data]#openssl rand -base64 13
z3Dx2P5/pSb3qWh6Bg==
[root@centos7 data]#openssl rand -base64 18
cBybezlTKSobD9wKBB6W4O+l
[root@centos7 data]#openssl rand -base64 19
uEVHIdlYKCKZaVJTdWhkD8ekGw==
提取随机12位密码
[root@centos7 data]#openssl rand -base64 24|tr -d '/+'|head -c12
8B11Y1Y5ByOX[root@centos7 data]#
urandom设备提取12位密码
[root@centos7 data]#cat /dev/urandom |tr -dc 'A-Za-z0-9' |head -c 12
jYCVlCWWHxUd[root@centos7 data]#
非对称加密
生成秘钥对儿
工具:openssl genrsa
帮助:man genrsa
生成私钥加密
[root@centos7 data]#(umask 077;openssl genrsa -out test.key -des 2048)
Generating RSA private key, 2048 bit long modulus
.....+++
.................................................................................................................................................................+++
e is 65537 (0x10001)
Enter pass phrase for test.key:
Verifying - Enter pass phrase for test.key:
私钥解密
[root@centos7 data]#openssl rsa -in test.key -out test2.key
Enter pass phrase for test.key:
writing RSA key
私钥生成公钥
[root@centos7 data]#openssl rsa -in test.key -pubout -out test.pub
Enter pass phrase for test.key:
writing RSA key
[root@centos7 data]#cat test.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvb4UuLr45f18YAHqkw/9
UWtILOuu11S7+k++ymGd9sZgbeMUoxID+s7O7gimSvpKSoVwNNLF8/ibntuMM+LE
7NpflugKbZHC2YreM1Co07BWNY7GiJjcbc5V7KHAzOlBeWpHYpWI6O+8kZOn6wtf
Lk3DR+JGr3363jq9QmK3PZ6Ciff92Bc6xboWlxeUJT2Gs3AdkMykJ4ISPAq9K2VD
hpAsMqfDgVoekzlXiW8WRQIC/KVxH+G5fvcXoTV+uvSxq183uT8Amj7urVhRlDiX
4ULkPlocr7SWW32g4frYiu6NnaDQOpwkFMOYfmXlus0SgQMt4EtdV7LL7RZU0i24
mwIDAQAB
-----END PUBLIC KEY-----
创建CA和申请证书
配置文件:/etc/pki/tls/openssl.cnf
1、服务器端创建文件(先进入到/etc/pki/CA文件夹中,方便执行)
touch /etc/pki/CA/index.txt 生成证书索引数据库文件
echo 01 > /etc/pki/CA/serial 指定第一个颁发证书的序列号
2、 服务器端生成私钥(配置文件中规定好的路径和文件名/etc/pki/CA/private/cakey.pem)
[root@centos7 CA]#(umask 066; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
.........................................................+++
..................................................................+++
e is 65537 (0x10001)
3、 服务器端生成自签名证书,注意添加-x509(配置文件规定好的路径和文件名/etc/pki/CA/cacert.pem)
-new: 生成新证书签署请求
-x509: 专用于CA生成自签证书
-key: 生成请求时用到的私钥文件
-days n:证书的有效期限
-out /PATH/TO/SOMECERTFILE: 证书的保存路径
[root@centos7 CA]#openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:dushan
Organizational Unit Name (eg, section) []:opt
Common Name (eg, your name or your server's hostname) []:www.dushan.com
Email Address []:
4、 可查看自签名证书内容(如传送到windows中查看需添加.crt后缀)
[root@centos7 CA]#openssl x509 -in cacert.pem -noout -text
Certificate:Data:Version: 3 (0x2)Serial Number:f2:1c:50:12:c1:13:84:e8Signature Algorithm: sha256WithRSAEncryptionIssuer: C=CN, ST=beijing, L=beijing, O=dushan, OU=opt, CN=www.dushan.comValidityNot Before: Sep 13 08:41:21 2018 GMTNot After : Sep 10 08:41:21 2028 GMTSubject: C=CN, ST=beijing, L=beijing, O=dushan, OU=opt, CN=www.dushan.comSubject Public Key Info:Public Key Algorithm: rsaEncryptionPublic-Key: (2048 bit)Modulus:00:c7:c6:f1:af:12:f5:0b:f7:8b:42:3a:15:cc:2a:4c:57:ad:1e:1b:b0:ac:dd:e4:aa:03:7e:84:7d:d3:60:a0:72:cf:71:77:f7:f8:df:32:8b:25:ea:39:94:b1:0e:da:6b:fc:6c:fd:e3:1f:8c:d5:e5:b0:a2:24:d8:99:de:c8:ce:1a:88:97:24:4b:46:c0:da:e6:7b:cb:97:1c:38:06:54:77:b7:f2:f7:39:4d:90:01:d3:19:af:40:a6:35:67:bd:3f:61:2a:c3:31:70:22:34:a9:69:fa:f8:3a:66:58:7c:41:18:ec:83:77:47:b8:53:d5:c6:f7:b0:8a:07:8f:c1:0e:fd:97:75:1e:8a:68:ff:83:c9:3e:54:17:62:d2:a1:9f:01:6b:ae:5a:63:d0:29:2c:a3:dd:88:ab:04:05:7a:65:11:38:6c:a8:4b:27:ac:9e:d2:dd:1b:18:57:75:c5:c6:cd:67:ca:07:1a:d9:24:4c:37:79:77:36:37:ef:9f:a2:ea:fd:ee:ee:d0:a9:88:84:03:b6:5a:8c:07:33:84:93:37:a4:10:47:b7:86:08:f5:d2:55:d0:39:5a:1e:70:db:b2:b0:e8:95:2d:7b:ea:92:1f:bd:20:dc:7a:e7:19:8c:30:12:e5:d0:0b:b8:3e:3b:c1:5f:c7:31:7f:48:2dExponent: 65537 (0x10001)X509v3 extensions:X509v3 Subject Key Identifier: C9:DC:B1:29:8C:0F:3B:11:1D:09:D2:62:95:7D:08:D2:EA:4E:C9:64X509v3 Authority Key Identifier: keyid:C9:DC:B1:29:8C:0F:3B:11:1D:09:D2:62:95:7D:08:D2:EA:4E:C9:64X509v3 Basic Constraints: CA:TRUESignature Algorithm: sha256WithRSAEncryption2f:d4:2d:04:2a:be:da:62:46:3c:d6:74:d6:94:9a:61:df:59:1b:87:01:a3:6f:14:fa:ea:e6:7e:a9:1d:58:f4:1e:29:ad:b0:07:23:e9:52:9d:03:5d:8c:c3:71:ba:f8:2c:e7:6f:98:19:c3:1c:69:bd:8e:fd:85:dd:24:a9:fa:b5:4e:86:bb:0d:2e:02:38:66:90:7f:90:f9:ec:53:7f:0a:fb:b3:1c:c6:fd:b0:fd:c1:a7:91:70:e5:5e:03:09:23:f7:a1:39:f1:0f:3b:39:fd:54:05:5c:9e:f3:63:36:9f:c6:3f:d5:47:16:20:d6:37:4d:7b:22:09:35:f4:8a:1d:66:9d:24:05:29:3a:0a:d0:d7:37:a1:73:5d:93:74:38:da:72:1f:15:c5:1f:3e:7b:d7:aa:85:09:ee:7d:23:97:e3:75:04:9c:d1:9f:43:f1:76:38:de:cc:68:94:99:ca:de:18:96:14:6b:a4:77:59:3c:43:06:0c:22:61:7f:16:73:a5:d4:7e:39:24:0b:c6:22:75:65:83:23:b1:b5:64:9c:a1:41:3a:c0:08:ef:b7:e4:9d:a5:f0:9d:9f:9d:eb:e5:3c:c5:7d:e6:b6:32:02:b7:61:eb:c0:a8:f7:56:a2:2d:2c:9a:30:f7:70:c2:fa:05:3a:63:d4:72:9c:07
5.、客户端生成私钥:
[root@dadda6 data]#(umask 066;openssl genrsa -out app.key 2048)
Generating RSA private key, 2048 bit long modulus
...............................................+++
............................................................+++
e is 65537 (0x10001)
6、 客户端生成csr文件 (默认国家地区公司三项必须和服务器端一样,如需不一样,需修改配置文件中policy后面内容)
[root@dadda6 data]#openssl req -new -key app.key -out app.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:dushan
Organizational Unit Name (eg, section) []:sales
Common Name (eg, your name or your server's hostname) []:sale.dushan.com
Email Address []:Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
7、 cp到服务器端,位置可自定义(也可以制作秘钥和csr文件在服务器端做完传给客户端)
[root@dadda6 data]#scp app.csr 192.168.32.61:/etc/pki/CA
root@192.168.32.61's password:
app.csr 100% 1009 1.0KB/s 00:00
8、 颁发证书 (如缺少/etc/index.txt,/etc/serial文件会失败,执行第一步)
[root@centos7 CA]#openssl ca -in /etc/pki/CA/app.csr -out /etc/pki/CA/certs/app.crt -days 360
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:Serial Number: 1 (0x1)ValidityNot Before: Sep 13 08:52:39 2018 GMTNot After : Sep 8 08:52:39 2019 GMTSubject:countryName = CNstateOrProvinceName = beijingorganizationName = dushanorganizationalUnitName = salescommonName = sale.dushan.comX509v3 extensions:X509v3 Basic Constraints: CA:FALSENetscape Comment: OpenSSL Generated CertificateX509v3 Subject Key Identifier: 01:F6:5B:10:58:30:68:76:D1:7A:26:4E:0E:44:BE:00:AF:91:1F:24X509v3 Authority Key Identifier: keyid:C9:DC:B1:29:8C:0F:3B:11:1D:09:D2:62:95:7D:08:D2:EA:4E:C9:64Certificate is to be certified until Sep 8 08:52:39 2019 GMT (360 days)
Sign the certificate? [y/n]:y1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
9、可查看新证书信息
可选参数 -text|issuer|subject|serial|dates
[root@centos7 CA]#tree
.
├── app.csr
├── cacert.pem
├── certs
│ └── app.crt
├── crl
├── index.txt
├── index.txt.attr
├── index.txt.old
├── newcerts
│ └── 01.pem
├── private
│ └── cakey.pem
├── serial
└── serial.old4 directories, 10 files
[root@centos7 CA]#cat index.txt
V 190908085239Z 01 unknown /C=CN/ST=beijing/O=dushan/OU=sales/CN=sale.dushan.com
[root@centos7 CA]#cat serial.old
01
[root@centos7 CA]#openssl x509 -in certs/app.crt -noout -text
Certificate:Data:Version: 3 (0x2)Serial Number: 1 (0x1)Signature Algorithm: sha256WithRSAEncryptionIssuer: C=CN, ST=beijing, L=beijing, O=dushan, OU=opt, CN=www.dushan.comValidityNot Before: Sep 13 08:52:39 2018 GMTNot After : Sep 8 08:52:39 2019 GMTSubject: C=CN, ST=beijing, O=dushan, OU=sales, CN=sale.dushan.comSubject Public Key Info:Public Key Algorithm: rsaEncryptionPublic-Key: (2048 bit)Modulus:00:e5:d2:3b:0b:5f:33:50:12:e6:c0:34:8f:3b:fe:89:9d:e5:db:f1:76:13:70:a7:d8:3a:5a:60:6c:6d:98:e1:15:32:90:18:21:8c:0e:e5:79:4d:8f:7e:43:bb:cb:78:61:72:b8:b7:f1:34:6f:38:b2:38:94:b4:d8:c7:6f:e7:6c:b8:1e:76:ab:3a:29:96:1e:db:15:46:f8:aa:fd:85:cc:9d:61:a1:33:ff:b4:a4:f4:2e:82:e0:03:1b:cf:09:04:d3:45:78:eb:b1:fc:ce:0e:30:39:a9:7b:4d:71:ee:87:31:4a:c6:fe:72:61:b1:f3:ed:42:51:3a:4a:da:7d:e8:fd:dd:97:e8:ca:f7:b9:78:24:15:2e:6e:88:e0:a2:3e:ff:10:a1:b4:8f:af:1c:f0:02:cc:fe:f6:1a:eb:46:92:9f:9f:e1:3e:b3:c1:09:b0:09:07:10:fa:84:83:01:4d:a8:ed:dc:d7:d3:7e:be:0c:96:f9:92:b8:22:e2:36:4d:98:8e:c6:cd:6c:7d:8c:bd:fa:9d:ef:f3:90:67:12:35:da:2f:db:29:2d:f0:b5:54:a9:8c:ae:ca:13:a3:51:37:83:d0:47:65:ae:f2:89:b2:1d:c7:99:d3:c3:88:bd:49:51:4a:e3:33:42:f4:41:93:7b:01:87:c1:a3:6d:e2:f3Exponent: 65537 (0x10001)X509v3 extensions:X509v3 Basic Constraints: CA:FALSENetscape Comment: OpenSSL Generated CertificateX509v3 Subject Key Identifier: 01:F6:5B:10:58:30:68:76:D1:7A:26:4E:0E:44:BE:00:AF:91:1F:24X509v3 Authority Key Identifier: keyid:C9:DC:B1:29:8C:0F:3B:11:1D:09:D2:62:95:7D:08:D2:EA:4E:C9:64Signature Algorithm: sha256WithRSAEncryption17:a7:0c:2c:1d:5a:ae:8d:d9:41:b9:91:c4:14:59:1b:9c:21:5c:68:78:5e:95:64:03:79:f5:2f:39:ad:87:14:8f:11:34:c4:4d:a1:ef:9c:f7:88:e5:02:ac:78:44:1a:ef:dc:63:53:fc:5e:fd:4c:5b:fe:b2:14:02:24:fb:44:ad:6c:37:22:30:fc:b6:99:eb:5a:e8:a1:d8:cb:1d:ed:20:32:0e:57:ef:b5:2a:85:e1:de:57:80:91:48:a4:f4:63:f2:55:48:db:ad:f9:fd:fd:4a:ce:92:59:1d:7a:6c:51:4e:7a:22:7c:8e:0e:5e:6e:28:25:78:10:5f:cd:c5:33:c6:12:0c:12:57:50:4e:ec:ac:61:1c:85:5b:54:86:72:a1:19:6c:f0:fa:75:23:80:68:02:b8:16:bc:07:8d:5c:80:1d:dc:41:ba:23:e7:6a:a0:8d:34:8e:55:82:16:ce:20:1f:74:77:13:73:92:eb:25:93:79:db:ba:b4:6a:d2:61:28:d7:2f:ac:de:60:2d:88:7c:75:5c:56:6b:13:d2:84:ea:96:e4:9e:2b:37:d1:3a:15:48:33:a6:a0:e3:78:ae:c1:32:c3:58:7e:5a:8f:ec:be:7d:49:74:59:21:5a:a7:85:ca:21:1c:ee:f5:7d:42:33:d3:01:22:b5:76
10、验证证书的可靠性
[root@centos7 CA]#openssl verify -CAfile cacert.pem certs/app.crt
certs/app.crt: OK
*如一个申请需颁发多个证书需更改文件index.txt.attr为no(默认唯一)
[root@centos7 CA]#cat index.txt.attr
unique_subject = yes
11、吊销证书
[root@centos7 CA]#openssl ca -revoke newcerts/01.pem
Using configuration from /etc/pki/tls/openssl.cnf
Revoking Certificate 01.
Data Base Updated
*指定第一个吊销证书的编号,注意:第一次更新证书吊销列表前,才需要执行
echo 01 > /etc/pki/CA/crlnumber
更新证书吊销列表
openssl ca -gencrl -out /etc/pki/CA/crl.pem
查看crl文件
openssl crl -in /etc/pki/CA/crl.pem -noout -text
Linux:openssl创建CA及颁发证书相关推荐
- linux下创建CA以及颁发证书
一.创建私有CA: 使用工具openssl模拟创建CA Openssl程序包分解: Openssl由三部分组成:加密库libcrypt.服务器端实现ssl功能会话的库.命令行工具 Openssl工具使 ...
- openssl创建CA、申请证书及其给web服务颁发证书
一.创建私有的CA 1)查看openssl的配置文件:/etc/pki/tls/openssl.cnf 2)创建所需的文件 touch /etc/pki/CA/index.txt echo ...
- Linux openssl 搭建CA、签名证书
目录 前言 配置CA 安装openssl 修改 openssl 配置文件 创建所需要的文件 创建CA KEY 创建CA 证书 创建证书 生成密钥 生成签名请求文件 签名证书请求文件 自签名证书 创建 ...
- openssl创建CA并签发证书
一.创建私有CA根证书 1.创建CA目录 root@DESKTOP-JP3S3AN:/home/wsl/openssl_pro# mkdir -pv /etc/pki/CA/{private,cert ...
- 加密解密概述及openssl应用及其创建CA和签发证书的实现
数据非常重要,这是大家的共识,为了保证数据的安全,就会涉及到加密及其解密,本文主要介绍加密 解密相关概念及其在Linux平台下加密解密的具体实现openssl基础,及openssl创建CA和签发证书: ...
- 基于OpenSSL的CA建立及证书签发(签发多域名/IP)
自签SSL证书(多域名/IP) 本文基于以下环境: 内核信息:Linux zabbix 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 ...
- Centos7创建CA和申请证书
转载:http://rackie386.blog.51cto.com/11279229/1947999 Centos7.3创建CA和申请证书 openssl 的配置文件:/etc/pki/tls/op ...
- 基于OpenSSL的CA建立及证书签发(签发单域名/IP)
[前言] 说来惭愧,干了快一年的运维,能力还是很欠缺,前些天因为ToB项目需求,需要用nginx搭建一个正向代理,研究了一番,在本地环境搭建一套七层代理,请移步这里查看.自认为理解了,其实不然,真正到 ...
- 使用OpenSSL创建自签名SSL证书
近期的工作中遇到了数据传输加密的需求,就是在数据传输安全层面都要求使用https协议,因此为Web站点安装SSL证书就成了必须,以下就过程记录. 1.需求及选型 需求有两条: 支持内网IP地址 我们很 ...
- 英文文档: 如何使用 OpenSSL 创建与吊销数字证书
推荐一篇文档, 讲解如何使用 OpenSSL 创建与吊销数字证书: https://www.linux.com/BLOG/PKI-IMPLEMENTATION-LINUX-ADMIN
最新文章
- Git提交到多个远程仓库(多看两个文档)
- 【青铜打铁篇】Activiti 工作流从入门到入土?
- Ajax框架,DWR介绍,应用,样例
- 【计算机视觉】计算机视觉、模式识别、机器学习常用牛人主页链接
- day19_java基础加强_动态代理+注解+类加载器
- MySQL 索引的面试题总结
- 【pytorch】torch.cuda.empty_cache()==>释放缓存分配器当前持有的且未占用的缓存显存
- thinkphp自动验证分析
- 白话文:几个例子马上看懂typescript基础类型
- 2020【第十一届蓝桥杯省赛】 C/C++ B组 (第一场)
- java随机数种子_使用种子的Java随机数
- 人工智能数据集文本处理Onehot/TF/TFIDF矩阵的生成
- 操作系统-io设备基本概念和分类
- 为什么我总抢注不到域名?
- 基于Android的班级同学录校友录系统app
- idea打开命令行窗口
- 视频相识度算法思路文献记录
- fufu笔记之多线程
- 【LeetCode】第930题——和相同的二元子数组(难度:中等)
- QQ跳转加好友、加QQ群链接代码生成制作