一、生成自签名证书

1.1、创建root CA私钥

openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt

执行步骤如下:

 root@duke:~# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt 
Generating a 4096 bit RSA private key
.............................................++
.............................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:NanJing
Locality Name (eg, city) []:NanJing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:rancher
Organizational Unit Name (eg, section) []:info technology
Common Name (e.g. server FQDN or YOUR name) []:duke
Email Address []:xxxx@126.com

1.2、为服务端(web)生成证书签名请求文件

如果你使用类似demo.rancher.com的FQDN域名访问,则需要设置demo.rancher.com作为CN;如果你使用IP地址访问,CN则为IP地址:

openssl req -newkey rsa:4096 -nodes -sha256 -keyout demo.rancher.com.key -out  demo.rancher.com.csr
或者
openssl req -newkey rsa:4096 -nodes -sha256 -keyout 192.168.0.2.key -out 192.168.0.2.csr

执行步骤如下:

【注意】:
Commone Name一定要是你要授予证书的FQDN域名或主机名,并且不能与生成root CA设置的Commone Name相同。
challenge password可以不填。
root@duke:~# openssl req -newkey rsa:4096 -nodes -sha256 -keyout 192.168.0.2.key -out 192.168.0.2.csr
Generating a 4096 bit RSA private key
....................................................................++
....................................................................++
writing new private key to '192.168.0.2.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:NanJing
Locality Name (eg, city) []:NanJing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:RANCHER
Organizational Unit Name (eg, section) []:info technology
Common Name (e.g. server FQDN or YOUR name) []:192.168.0.2
Email Address []:xxxx@126.com Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:附属属性修改密码,可以不填
An optional company name []:附属属性另一个公司名称,可以不填

1.3、用1.1创建的CA证书给1.2生成的签名请求进行签名

openssl x509 -req -days 365 -in 192.168.0.2.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out 192.168.0.2.crt

执行步骤如下:

root@duke:~# openssl x509 -req -days 365 -in 192.168.0.2.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out 192.168.0.2.crt
Signature ok
subject=/C=CN/ST=NanJing/L=NanJing/O=RANCHER/OU=info technology/CN=192.168.0.2/emailAddress=xxxx@126.com
Getting CA Private Key

1.4、使用IP进行签名

如果你使用IP,例如192.168.0.2来连接,则可以改为运行以下命令

echo 'subjectAltName = IP:192.168.0.2' > extfile.cnf
openssl x509 -req -days 365 -in 192.168.0.2.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out 192.168.0.2.crt

执行步骤如下:

root@duke:~# echo 'subjectAltName = IP:192.168.0.2' > extfile.cnf
root@duke:~# openssl x509 -req -days 365 -in 192.168.0.2.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out 192.168.0.2.crt
Signature ok
subject=/C=CN/ST=NanJing/L=NanJing/O=RANCHER/OU=info technology/CN=192.168.0.2/emailAddress=xxxx@126.com
Getting CA Private Key

【注意】:subjectAltName后的IP不需添加端口。

1.5、检查文件

经过上面步骤操作后,会生成ca.crt、ca.srl、ca.key、192.168.0.2.crt、192.168.0.2.key、192.168.0.2.csr、extfile.cnf这几个文件。

执行步骤如下:

root@duke:~# ls
192.168.0.2.crt 192.168.0.2.key ca.crt ca.srl docker-1.13.1.tgz kubectl shipyard var 模板 图片 下载 桌面
192.168.0.2.csr anaconda3 ca.key docker extfile.cnf mapd-docker-storage tigervncserver_1.6.80-4_amd64.deb 公共的 视频 文档 音乐

二、验证自签名证书

【注意】: 因为使用的是自签名证书,浏览器会提示证书的颁发机构是未知的。

把生成的ca证书和去除密码的私钥文件部署到web服务器(例如:harbor)后,执行以下命令验证:

2.1、不加CA证书验证

openssl s_client -connect 192.168.0.2:443 -servername 192.168.0.2

执行步骤如下:

root@duke:~#  openssl s_client -connect 192.168.0.2:8443 -servername 192.168.0.2
CONNECTED(00000003)
depth=0 C = CN, ST = NanJing, L = NanJing, O = rancher, OU = info technology, CN = duke, emailAddress = xxxx@126.com
verify error:num=18:self signed certificate 报错自签名不正确
verify return:1
depth=0 C = CN, ST = NanJing, L = NanJing, O = rancher, OU = info technology, CN = duke, emailAddress = xxxx@126.com
verify return:1
---
Certificate chain
0 s:/C=CN/ST=NanJing/L=NanJing/O=rancher/OU=info technology/CN=duke/emailAddress=xxxx@126.com
i:/C=CN/ST=NanJing/L=NanJing/O=rancher/OU=info technology/CN=duke/emailAddress=xxxx@126.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF6TCCA9GgAwIBAgIJALx+htau6IhyMA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD
VQQGEwJDTjEQMA4GA1UECAwHTmFuSmluZzEQMA4GA1UEBwwHTmFuSmluZzEQMA4G
A1UECgwHcmFuY2hlcjEYMBYGA1UECwwPaW5mbyB0ZWNobm9sb2d5MQ0wCwYDVQQD
DARkdWtlMRwwGgYJKoZIhvcNAQkBFg1oenc5N0AxMjYuY29tMB4XDTE4MTIyNDA2
MTU0OVoXDTE5MTIyNDA2MTU0OVowgYoxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdO
YW5KaW5nMRAwDgYDVQQHDAdOYW5KaW5nMRAwDgYDVQQKDAdyYW5jaGVyMRgwFgYD
VQQLDA9pbmZvIHRlY2hub2xvZ3kxDTALBgNVBAMMBGR1a2UxHDAaBgkqhkiG9w0B
CQEWDWh6dzk3QDEyNi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQCwxjnhRPlbrfr+wsxtDgK8MOBSPSoqpeEl6j8LoV+UFwWKlIZH9Qc82nV2/OVZ
AZUP1UZ/syJlup3e8gus9UvltAuGvMZdGGeVtWqRCoEbpSgaehpspbC8yL7UOx5P
TafDqyLuP5jZ4/xskpCXvsUbtDYDs1/9H5yVP4yAsZtsGFfdxx4Ztyger5SEFYwj
hHdGhrgMk1Zj3f2CJu0iPDqRP2dxJp0/+Hc3MrKrkXd8/BLEWHiKL7GhQZRPEqYc
TZYwtooXEqwvJBgi02VTn+SGQLKi9ekYNdUyLAp3qO1FC/G9OiIKjy625+umlgZX
V06Uy5NnbrAmqkUJwN/q+jt/GsJYgOPn2PdylvIx2T+x3bh+VGj2lY8NztkDV5/1
6FCoIt7xTfOJMfCuGqHfHYAAG+QmC1W+qX04HFeMrJcTG2RSW/g6dKUFI3k+fzhU
IqHqeQgTc9Pg1zJtWDzNyMZYgcxvS3J5TBrSUIXuKr5oomKEV7+tRUPjEVjjE6tb
1OAQdoahB2IOHcAxKAiutJz5AWQOd+YgWUEx9i33MBNnPZ3JjMof09fbwOO7SuhF
jRob8rKas0jLx2RM7xTMY5KPHiBQ45vSX5MxmSFNNHQlzWUoIoQLVLh5Zylhavjw
Q5zCeXBE8SKrKG49T2j1VgG+I/QnNfshBepfF+7ZzllhmQIDAQABo1AwTjAdBgNV
HQ4EFgQUVYAauWx8AP42NMOq6IDO2g/EK0UwHwYDVR0jBBgwFoAUVYAauWx8AP42
NMOq6IDO2g/EK0UwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAVJFO
tmkav5obqDDYoGeTOUBHZl1Iu6A0L0P+aL9506Vj+2vGkfG3QegwLMX1Yqs7OW2t
FSJZ9TVGdL6FvCvT4+We+k5otmxg/Mo767NTioSjStIRD024ZY00rUezHBk7nodU
WdRcIfcmGjLf3XTWZzriKDghyH82C6L6FMx043ETDbsfBKGFWY9LyTKb6JNHNhU6
ycdzO7AdPaJMJ17WpZTHWJZDzX+Xeep29RP4+nRpVmuTEGY4IQGLNJ7PNgS9Pe++
4QF8ZZXsRLljfdetx0A1Yhc8A5b9+NZYQF9cjBsaCOqcwNpI5+hTfsl2As2AFllb
d0j1xGJ4vqlK1wVdkYrvroO2guXfkDXse2lfKUfDDfrTRNfUysUyawUSt92TiNUU
NaIILtyiE6D20mLwJe/JkyydrTemuqXD/OFxKnBT0KjTPr5JTCHvBKnYBgXEq2yd
zsrR9fjeaktPxoWBNtN8VAFtadjso40FnFloqgBNRKuUSq17QZxppVTGy+DDbUAW
OeIZAy+nvpisNqA9UmG2SbqSSUVuaWK1e9QIayFMEA/ytn5rSVYXTXF4FFT46lOK
LCfeEOAI6owAbPOCP503f+4HeKJ7dzNbkGC2hCodrur26oflFroZ6tV6i5qjvoKc
AblLKT3tuY4IhOPSjlueF0OfpLZTTBhXQ3M7xZA=
-----END CERTIFICATE-----
subject=/C=CN/ST=NanJing/L=NanJing/O=rancher/OU=info technology/CN=duke/emailAddress=xxxx@126.com
issuer=/C=CN/ST=NanJing/L=NanJing/O=rancher/OU=info technology/CN=duke/emailAddress=xxxx@126.com
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2464 bytes and written 450 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 340DBA9B6572AEAF10CFD75D77B86CBAB1ED2F91DC69C44628C08C112A84F473
Session-ID-ctx:
Master-Key: C294F7E4E56D19FAA1EC1279718385BF677C4E6DC250424F2424BAB8F48E37290FCEFC0C5B8326D33AE69DAC5CF35F77
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - c7 bb 8d 3d cf cb cc 5c-61 2d 75 79 63 b0 39 57 ...=...\a-uyc.9W
0010 - 2f 80 15 34 c5 60 31 e1-43 54 7d 95 bf e4 ad 5e /..4.`1.CT}....^
0020 - ea 62 db 2b 94 46 13 83-a2 08 c0 04 c8 7b 74 1c .b.+.F.......{t.
0030 - 26 da 21 1d b5 db d7 c4-3a 3e e2 b0 81 14 2d 87 &.!.....:>....-.
0040 - d8 0f a4 60 34 cc e9 0f-46 54 87 49 7f 1c 2a 56 ...`4...FT.I..*V
0050 - 55 e7 11 d0 cd d9 df 8c-b1 0e 8f 34 c1 ff 71 4c U..........4..qL
0060 - 46 73 61 a3 88 d7 2a 4c-90 2b c6 76 7c 28 f4 ef Fsa...*L.+.v|(..
0070 - 69 48 a1 15 23 73 32 c5-55 c6 4a 65 b9 40 7d c3 iH..#s2.U.Je.@}.
0080 - dc 5e cf 6d 0c cf 90 59-88 0c 6c 12 76 ca d0 1a .^.m...Y..l.v...
0090 - 65 43 f9 a6 1b 5c 03 ed-ac 59 85 26 1a a9 1b bb eC...\...Y.&....
00a0 - 53 37 d9 da f9 f7 27 f2-00 6a 27 ae a1 c1 98 f5 S7....'..j'.....
00b0 - ff 27 07 51 6f 98 d4 b3-cd 63 24 d5 9e 1b 85 99 .'.Qo....c$..... Start Time: 1545636922
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---

2.2、添加CA证书验证

openssl s_client -connect 192.168.0.2:8443 -servername 192.168.0.2 -CAfile ca.crt

执行步骤如下:

root@duke:~# openssl s_client -connect 192.168.0.2:8443 -servername 192.168.0.2 -CAfile ca.crt
CONNECTED(00000003)
depth=0 C = CN, ST = NanJing, L = NanJing, O = rancher, OU = info technology, CN = duke, emailAddress = xxxx@126.com
没有报错,证书鉴权正确
verify return:1
---
Certificate chain
0 s:/C=CN/ST=NanJing/L=NanJing/O=rancher/OU=info technology/CN=duke/emailAddress=xxxx@126.com
i:/C=CN/ST=NanJing/L=NanJing/O=rancher/OU=info technology/CN=duke/emailAddress=xxxx@126.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF6TCCA9GgAwIBAgIJALx+htau6IhyMA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD
VQQGEwJDTjEQMA4GA1UECAwHTmFuSmluZzEQMA4GA1UEBwwHTmFuSmluZzEQMA4G
A1UECgwHcmFuY2hlcjEYMBYGA1UECwwPaW5mbyB0ZWNobm9sb2d5MQ0wCwYDVQQD
DARkdWtlMRwwGgYJKoZIhvcNAQkBFg1oenc5N0AxMjYuY29tMB4XDTE4MTIyNDA2
MTU0OVoXDTE5MTIyNDA2MTU0OVowgYoxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdO
YW5KaW5nMRAwDgYDVQQHDAdOYW5KaW5nMRAwDgYDVQQKDAdyYW5jaGVyMRgwFgYD
VQQLDA9pbmZvIHRlY2hub2xvZ3kxDTALBgNVBAMMBGR1a2UxHDAaBgkqhkiG9w0B
CQEWDWh6dzk3QDEyNi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQCwxjnhRPlbrfr+wsxtDgK8MOBSPSoqpeEl6j8LoV+UFwWKlIZH9Qc82nV2/OVZ
AZUP1UZ/syJlup3e8gus9UvltAuGvMZdGGeVtWqRCoEbpSgaehpspbC8yL7UOx5P
TafDqyLuP5jZ4/xskpCXvsUbtDYDs1/9H5yVP4yAsZtsGFfdxx4Ztyger5SEFYwj
hHdGhrgMk1Zj3f2CJu0iPDqRP2dxJp0/+Hc3MrKrkXd8/BLEWHiKL7GhQZRPEqYc
TZYwtooXEqwvJBgi02VTn+SGQLKi9ekYNdUyLAp3qO1FC/G9OiIKjy625+umlgZX
V06Uy5NnbrAmqkUJwN/q+jt/GsJYgOPn2PdylvIx2T+x3bh+VGj2lY8NztkDV5/1
6FCoIt7xTfOJMfCuGqHfHYAAG+QmC1W+qX04HFeMrJcTG2RSW/g6dKUFI3k+fzhU
IqHqeQgTc9Pg1zJtWDzNyMZYgcxvS3J5TBrSUIXuKr5oomKEV7+tRUPjEVjjE6tb
1OAQdoahB2IOHcAxKAiutJz5AWQOd+YgWUEx9i33MBNnPZ3JjMof09fbwOO7SuhF
jRob8rKas0jLx2RM7xTMY5KPHiBQ45vSX5MxmSFNNHQlzWUoIoQLVLh5Zylhavjw
Q5zCeXBE8SKrKG49T2j1VgG+I/QnNfshBepfF+7ZzllhmQIDAQABo1AwTjAdBgNV
HQ4EFgQUVYAauWx8AP42NMOq6IDO2g/EK0UwHwYDVR0jBBgwFoAUVYAauWx8AP42
NMOq6IDO2g/EK0UwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAVJFO
tmkav5obqDDYoGeTOUBHZl1Iu6A0L0P+aL9506Vj+2vGkfG3QegwLMX1Yqs7OW2t
FSJZ9TVGdL6FvCvT4+We+k5otmxg/Mo767NTioSjStIRD024ZY00rUezHBk7nodU
WdRcIfcmGjLf3XTWZzriKDghyH82C6L6FMx043ETDbsfBKGFWY9LyTKb6JNHNhU6
ycdzO7AdPaJMJ17WpZTHWJZDzX+Xeep29RP4+nRpVmuTEGY4IQGLNJ7PNgS9Pe++
4QF8ZZXsRLljfdetx0A1Yhc8A5b9+NZYQF9cjBsaCOqcwNpI5+hTfsl2As2AFllb
d0j1xGJ4vqlK1wVdkYrvroO2guXfkDXse2lfKUfDDfrTRNfUysUyawUSt92TiNUU
NaIILtyiE6D20mLwJe/JkyydrTemuqXD/OFxKnBT0KjTPr5JTCHvBKnYBgXEq2yd
zsrR9fjeaktPxoWBNtN8VAFtadjso40FnFloqgBNRKuUSq17QZxppVTGy+DDbUAW
OeIZAy+nvpisNqA9UmG2SbqSSUVuaWK1e9QIayFMEA/ytn5rSVYXTXF4FFT46lOK
LCfeEOAI6owAbPOCP503f+4HeKJ7dzNbkGC2hCodrur26oflFroZ6tV6i5qjvoKc
AblLKT3tuY4IhOPSjlueF0OfpLZTTBhXQ3M7xZA=
-----END CERTIFICATE-----
subject=/C=CN/ST=NanJing/L=NanJing/O=rancher/OU=info technology/CN=duke/emailAddress=xxxx@126.com
issuer=/C=CN/ST=NanJing/L=NanJing/O=rancher/OU=info technology/CN=duke/emailAddress=xxxx@126.com
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2464 bytes and written 450 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: A6C098FEBD7A744A4B7698949AAD54C4A56B362EA357BA0F2EE66335E3584691
Session-ID-ctx:
Master-Key: EFCAB47D6C3F3132B93AE60A45CF5F7776240108617CCD29894F509710D80038A08B6A0A802AF7825ECD74698D551D34
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - c7 bb 8d 3d cf cb cc 5c-61 2d 75 79 63 b0 39 57 ...=...\a-uyc.9W
0010 - 50 df ce 95 3d 8f 24 aa-4c 80 0b 4d 8e 6f b3 af P...=.$.L..M.o..
0020 - e4 66 f7 dd ea b6 45 76-17 3e eb 7b 3e 77 52 17 .f....Ev.>.{>wR.
0030 - 33 e4 d3 54 5e d2 0d ab-ed 73 54 df ab 22 3d cd 3..T^....sT.."=.
0040 - 56 8d f8 9e c4 cd 83 33-8f f5 a2 91 68 ea cf cd V......3....h...
0050 - 2a e7 f2 3f 8e c6 e1 b8-a5 f3 28 92 98 70 01 d8 *..?......(..p..
0060 - fd ad 08 aa ae 6b 4d ff-7f 2f 6f b6 63 23 33 4d .....kM../o.c#3M
0070 - 94 18 f2 a7 01 a8 c6 bc-a3 c5 d3 6f 71 39 f0 d0 ...........oq9..
0080 - 9b 99 cf 5f 79 01 c0 2d-b8 69 40 15 ea ae c1 77 ..._y..-.i@....w
0090 - f0 77 72 ba 52 b9 6c b7-56 c8 a9 f2 f4 67 82 45 .wr.R.l.V....g.E
00a0 - ee 41 86 1f b9 97 66 2b-66 17 6c 81 b2 92 88 8a .A....f+f.l.....
00b0 - ba 96 63 75 97 f3 63 4f-4b a4 9c ab 3f b7 8c db ..cu..cOK...?... Start Time: 1545637270
Timeout : 300 (sec)
Verify return code: 0 (ok)
---

简单使用OpenSSL生成密钥的更多相关文章

  1. 使用openssl生成密钥、加密和签名

    openssl genrsa -out rsakey.pem 1024  //生成1024bit的RSA密钥,并保存到rsakey.pem,此处未对密钥进行加密 openssl genrsa -aes ...

  2. openssl生成密钥/证书

    一.公钥/私钥/签名/验证签名/加密/解密/非对称加密 对称加密:用同一个密码  加密/解密  文件. 非对称加密:加密用的一个密码,解密用另外一组密码. 加密解密:公钥加密数据,然后私钥解密. 公钥 ...

  3. PHP通过OpenSSL生成证书、密钥并且加密解密数据,以及公钥,私钥和数字签名的理解

    一.公钥加密假设一下,我找了两个数字,一个是1,一个是2.我喜欢2这个数字,就保留起来,不告诉你们(私钥),然后我告诉大家,1是我的公钥. 我有一个文件,不能让别人看,我就用1加密了.别人找到了这个文 ...

  4. .NET使用OpenSSL生成的pem密钥文件

    NET要使用OpenSSL生成的pem密钥文件,网上资料很少(http://www.faqs.org/rfcs/rfc1421.html,RFC1421文件又老长老长),仅有的资料还是有错误的,所以今 ...

  5. 用 OPENSSL 生成不同格式的密钥

    用 OPENSSL 生成不同格式的密钥 密钥 key 值包括 加密算法: RSA/DSA/ECC 加密位数: 1024/2048/4096 密钥口令:加密方式有很多 在使用 DSA/ECC 加密算法时 ...

  6. .NET导入openssl生成的公钥之BEGIN RSA PUBLIC KEY

    .NET导入openssl生成的公钥之BEGIN RSA PUBLIC KEY 我得到了一个公钥,形式如下 -----BEGIN RSA PUBLIC KEY----- MIGJAoGBAMroxz3 ...

  7. 用Keytool和OpenSSL生成和签发数字证书

    一)keytool生成私钥文件(.key)和签名请求文件(.csr),openssl签发数字证书      J2SDK在目录%JAVA_HOME%/bin提供了密钥库管理工具Keytool,用于管理密 ...

  8. openssl生成pem,密钥证书的创建

    使用OpenSSL生成证书 首先得安装OpenSSL软件包openssl,安装了这个软件包之后,我们可以做这些事情: o Creation of RSA, DH and DSA Key Paramet ...

  9. openssl 生成证书基本原理

    摘自:http://blog.csdn.net/oldmtn/article/details/52208747 1. 基本原理 公司一个项目要进行交易数据传输,因为这个项目银行那边也是刚刚开始启动,所 ...

随机推荐

  1. Python Flask高级编程之RESTFul API前后端分离精讲 (网盘免费分享)

    Python Flask高级编程之RESTFul API前后端分离精讲 (免费分享)  点击链接或搜索QQ号直接加群获取其它资料: 链接:https://pan.baidu.com/s/12eKrJK ...

  2. Node.js之异步编程

    > 文章原创于公众号:程序猿周先森.本平台不定时更新,喜欢我的文章,欢迎关注我的微信公众号. ![file](https://img2018.cnblogs.com/blog/830272/20 ...

  3. MySQL 8.0主从(Master-Slave)配置

    版权声明:转载请注明出处,谢谢配合. https://blog.csdn.net/zyhlwzy/article/details/80569422 MySQL 主从复制的方式有多种,本文主要演示基于基 ...

  4. cmd中添加目录md

    md 创建目录. MKDIR [drive:]pathMD [drive:]path 如果命令扩展被启用,MKDIR 会如下改变: 如果需要,MKDIR 会在路径中创建中级目录.例如: 假设 \a 不 ...

  5. Docker笔记(十一):Dockerfile详解与最佳实践

    Dockerfile是一个文本文件,包含了一条条指令,每条指令对应构建一层镜像,Docker基于它来构建一个完整镜像.本文介绍Dockerfile的常用指令及相应的最佳实践建议. 1. 理解构建上下文 ...

  6. Apache Hadoop集群安装(NameNode HA + YARN HA + SPARK + 机架感知)

    1.主机规划 序号 主机名 IP地址 角色 1 nn-1 192.168.9.21 NameNode.mr-jobhistory.zookeeper.JournalNode 2 nn-2 192.16 ...

  7. [C++] 重载new和delete——控制内存分配

      1.new和delete表达式的工作机理      1)new表达式实际执行了三步 string *sp=new string("aaaa"); ];//string采用默认初 ...

  8. 记一次 JavaScript 浮点型数字误差引发的问题

    需求 车间的工人在生产出来产品后,需要完成初步的自检,并通过手机上报.在实际生产中,用户(工人)不方便进行数值的输入,因而表单中的一些项设计成 picker 模式以供选取数值.数值的取值范围,根据允许 ...

  9. 首次GitHub千星项目提交维护成功 留念

    现在有点激动,可能有混乱的地方.请大家见谅. 一直觉得千星项目,对我来说是一个遥不可及的地方.没想到第一次在GitHub上 提交Pull Request 就成功了,并且是一个千星项目. 虽然 只是提出 ...

  10. 略学扩展Eculid算法

    扩展 Euclid 算法 Euclid 算法 辗转相除法 计算两个数最大公因数 \(\text{gcd}(a,\,b) = \text{gcd}(b,\,a\%b)\) exEuclid 算法 裴蜀定 ...