一、生成自签名证书

1.1、创建root CA私钥

openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt

执行步骤如下:

 root@duke:~# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt 
Generating a 4096 bit RSA private key
.............................................++
.............................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:NanJing
Locality Name (eg, city) []:NanJing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:rancher
Organizational Unit Name (eg, section) []:info technology
Common Name (e.g. server FQDN or YOUR name) []:duke
Email Address []:xxxx@126.com

1.2、为服务端(web)生成证书签名请求文件

如果你使用类似demo.rancher.com的FQDN域名访问,则需要设置demo.rancher.com作为CN;如果你使用IP地址访问,CN则为IP地址:

openssl req -newkey rsa:4096 -nodes -sha256 -keyout demo.rancher.com.key -out  demo.rancher.com.csr
或者
openssl req -newkey rsa:4096 -nodes -sha256 -keyout 192.168.0.2.key -out 192.168.0.2.csr

执行步骤如下:

【注意】:
Commone Name一定要是你要授予证书的FQDN域名或主机名,并且不能与生成root CA设置的Commone Name相同。
challenge password可以不填。
root@duke:~# openssl req -newkey rsa:4096 -nodes -sha256 -keyout 192.168.0.2.key -out 192.168.0.2.csr
Generating a 4096 bit RSA private key
....................................................................++
....................................................................++
writing new private key to '192.168.0.2.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:NanJing
Locality Name (eg, city) []:NanJing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:RANCHER
Organizational Unit Name (eg, section) []:info technology
Common Name (e.g. server FQDN or YOUR name) []:192.168.0.2
Email Address []:xxxx@126.com Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:附属属性修改密码,可以不填
An optional company name []:附属属性另一个公司名称,可以不填

1.3、用1.1创建的CA证书给1.2生成的签名请求进行签名

openssl x509 -req -days 365 -in 192.168.0.2.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out 192.168.0.2.crt

执行步骤如下:

root@duke:~# openssl x509 -req -days 365 -in 192.168.0.2.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out 192.168.0.2.crt
Signature ok
subject=/C=CN/ST=NanJing/L=NanJing/O=RANCHER/OU=info technology/CN=192.168.0.2/emailAddress=xxxx@126.com
Getting CA Private Key

1.4、使用IP进行签名

如果你使用IP,例如192.168.0.2来连接,则可以改为运行以下命令

echo 'subjectAltName = IP:192.168.0.2' > extfile.cnf
openssl x509 -req -days 365 -in 192.168.0.2.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out 192.168.0.2.crt

执行步骤如下:

root@duke:~# echo 'subjectAltName = IP:192.168.0.2' > extfile.cnf
root@duke:~# openssl x509 -req -days 365 -in 192.168.0.2.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out 192.168.0.2.crt
Signature ok
subject=/C=CN/ST=NanJing/L=NanJing/O=RANCHER/OU=info technology/CN=192.168.0.2/emailAddress=xxxx@126.com
Getting CA Private Key

【注意】:subjectAltName后的IP不需添加端口。

1.5、检查文件

经过上面步骤操作后,会生成ca.crt、ca.srl、ca.key、192.168.0.2.crt、192.168.0.2.key、192.168.0.2.csr、extfile.cnf这几个文件。

执行步骤如下:

root@duke:~# ls
192.168.0.2.crt 192.168.0.2.key ca.crt ca.srl docker-1.13.1.tgz kubectl shipyard var 模板 图片 下载 桌面
192.168.0.2.csr anaconda3 ca.key docker extfile.cnf mapd-docker-storage tigervncserver_1.6.80-4_amd64.deb 公共的 视频 文档 音乐

二、验证自签名证书

【注意】: 因为使用的是自签名证书,浏览器会提示证书的颁发机构是未知的。

把生成的ca证书和去除密码的私钥文件部署到web服务器(例如:harbor)后,执行以下命令验证:

2.1、不加CA证书验证

openssl s_client -connect 192.168.0.2:443 -servername 192.168.0.2

执行步骤如下:

root@duke:~#  openssl s_client -connect 192.168.0.2:8443 -servername 192.168.0.2
CONNECTED(00000003)
depth=0 C = CN, ST = NanJing, L = NanJing, O = rancher, OU = info technology, CN = duke, emailAddress = xxxx@126.com
verify error:num=18:self signed certificate 报错自签名不正确
verify return:1
depth=0 C = CN, ST = NanJing, L = NanJing, O = rancher, OU = info technology, CN = duke, emailAddress = xxxx@126.com
verify return:1
---
Certificate chain
0 s:/C=CN/ST=NanJing/L=NanJing/O=rancher/OU=info technology/CN=duke/emailAddress=xxxx@126.com
i:/C=CN/ST=NanJing/L=NanJing/O=rancher/OU=info technology/CN=duke/emailAddress=xxxx@126.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF6TCCA9GgAwIBAgIJALx+htau6IhyMA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD
VQQGEwJDTjEQMA4GA1UECAwHTmFuSmluZzEQMA4GA1UEBwwHTmFuSmluZzEQMA4G
A1UECgwHcmFuY2hlcjEYMBYGA1UECwwPaW5mbyB0ZWNobm9sb2d5MQ0wCwYDVQQD
DARkdWtlMRwwGgYJKoZIhvcNAQkBFg1oenc5N0AxMjYuY29tMB4XDTE4MTIyNDA2
MTU0OVoXDTE5MTIyNDA2MTU0OVowgYoxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdO
YW5KaW5nMRAwDgYDVQQHDAdOYW5KaW5nMRAwDgYDVQQKDAdyYW5jaGVyMRgwFgYD
VQQLDA9pbmZvIHRlY2hub2xvZ3kxDTALBgNVBAMMBGR1a2UxHDAaBgkqhkiG9w0B
CQEWDWh6dzk3QDEyNi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQCwxjnhRPlbrfr+wsxtDgK8MOBSPSoqpeEl6j8LoV+UFwWKlIZH9Qc82nV2/OVZ
AZUP1UZ/syJlup3e8gus9UvltAuGvMZdGGeVtWqRCoEbpSgaehpspbC8yL7UOx5P
TafDqyLuP5jZ4/xskpCXvsUbtDYDs1/9H5yVP4yAsZtsGFfdxx4Ztyger5SEFYwj
hHdGhrgMk1Zj3f2CJu0iPDqRP2dxJp0/+Hc3MrKrkXd8/BLEWHiKL7GhQZRPEqYc
TZYwtooXEqwvJBgi02VTn+SGQLKi9ekYNdUyLAp3qO1FC/G9OiIKjy625+umlgZX
V06Uy5NnbrAmqkUJwN/q+jt/GsJYgOPn2PdylvIx2T+x3bh+VGj2lY8NztkDV5/1
6FCoIt7xTfOJMfCuGqHfHYAAG+QmC1W+qX04HFeMrJcTG2RSW/g6dKUFI3k+fzhU
IqHqeQgTc9Pg1zJtWDzNyMZYgcxvS3J5TBrSUIXuKr5oomKEV7+tRUPjEVjjE6tb
1OAQdoahB2IOHcAxKAiutJz5AWQOd+YgWUEx9i33MBNnPZ3JjMof09fbwOO7SuhF
jRob8rKas0jLx2RM7xTMY5KPHiBQ45vSX5MxmSFNNHQlzWUoIoQLVLh5Zylhavjw
Q5zCeXBE8SKrKG49T2j1VgG+I/QnNfshBepfF+7ZzllhmQIDAQABo1AwTjAdBgNV
HQ4EFgQUVYAauWx8AP42NMOq6IDO2g/EK0UwHwYDVR0jBBgwFoAUVYAauWx8AP42
NMOq6IDO2g/EK0UwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAVJFO
tmkav5obqDDYoGeTOUBHZl1Iu6A0L0P+aL9506Vj+2vGkfG3QegwLMX1Yqs7OW2t
FSJZ9TVGdL6FvCvT4+We+k5otmxg/Mo767NTioSjStIRD024ZY00rUezHBk7nodU
WdRcIfcmGjLf3XTWZzriKDghyH82C6L6FMx043ETDbsfBKGFWY9LyTKb6JNHNhU6
ycdzO7AdPaJMJ17WpZTHWJZDzX+Xeep29RP4+nRpVmuTEGY4IQGLNJ7PNgS9Pe++
4QF8ZZXsRLljfdetx0A1Yhc8A5b9+NZYQF9cjBsaCOqcwNpI5+hTfsl2As2AFllb
d0j1xGJ4vqlK1wVdkYrvroO2guXfkDXse2lfKUfDDfrTRNfUysUyawUSt92TiNUU
NaIILtyiE6D20mLwJe/JkyydrTemuqXD/OFxKnBT0KjTPr5JTCHvBKnYBgXEq2yd
zsrR9fjeaktPxoWBNtN8VAFtadjso40FnFloqgBNRKuUSq17QZxppVTGy+DDbUAW
OeIZAy+nvpisNqA9UmG2SbqSSUVuaWK1e9QIayFMEA/ytn5rSVYXTXF4FFT46lOK
LCfeEOAI6owAbPOCP503f+4HeKJ7dzNbkGC2hCodrur26oflFroZ6tV6i5qjvoKc
AblLKT3tuY4IhOPSjlueF0OfpLZTTBhXQ3M7xZA=
-----END CERTIFICATE-----
subject=/C=CN/ST=NanJing/L=NanJing/O=rancher/OU=info technology/CN=duke/emailAddress=xxxx@126.com
issuer=/C=CN/ST=NanJing/L=NanJing/O=rancher/OU=info technology/CN=duke/emailAddress=xxxx@126.com
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2464 bytes and written 450 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 340DBA9B6572AEAF10CFD75D77B86CBAB1ED2F91DC69C44628C08C112A84F473
Session-ID-ctx:
Master-Key: C294F7E4E56D19FAA1EC1279718385BF677C4E6DC250424F2424BAB8F48E37290FCEFC0C5B8326D33AE69DAC5CF35F77
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - c7 bb 8d 3d cf cb cc 5c-61 2d 75 79 63 b0 39 57 ...=...\a-uyc.9W
0010 - 2f 80 15 34 c5 60 31 e1-43 54 7d 95 bf e4 ad 5e /..4.`1.CT}....^
0020 - ea 62 db 2b 94 46 13 83-a2 08 c0 04 c8 7b 74 1c .b.+.F.......{t.
0030 - 26 da 21 1d b5 db d7 c4-3a 3e e2 b0 81 14 2d 87 &.!.....:>....-.
0040 - d8 0f a4 60 34 cc e9 0f-46 54 87 49 7f 1c 2a 56 ...`4...FT.I..*V
0050 - 55 e7 11 d0 cd d9 df 8c-b1 0e 8f 34 c1 ff 71 4c U..........4..qL
0060 - 46 73 61 a3 88 d7 2a 4c-90 2b c6 76 7c 28 f4 ef Fsa...*L.+.v|(..
0070 - 69 48 a1 15 23 73 32 c5-55 c6 4a 65 b9 40 7d c3 iH..#s2.U.Je.@}.
0080 - dc 5e cf 6d 0c cf 90 59-88 0c 6c 12 76 ca d0 1a .^.m...Y..l.v...
0090 - 65 43 f9 a6 1b 5c 03 ed-ac 59 85 26 1a a9 1b bb eC...\...Y.&....
00a0 - 53 37 d9 da f9 f7 27 f2-00 6a 27 ae a1 c1 98 f5 S7....'..j'.....
00b0 - ff 27 07 51 6f 98 d4 b3-cd 63 24 d5 9e 1b 85 99 .'.Qo....c$..... Start Time: 1545636922
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---

2.2、添加CA证书验证

openssl s_client -connect 192.168.0.2:8443 -servername 192.168.0.2 -CAfile ca.crt

执行步骤如下:

root@duke:~# openssl s_client -connect 192.168.0.2:8443 -servername 192.168.0.2 -CAfile ca.crt
CONNECTED(00000003)
depth=0 C = CN, ST = NanJing, L = NanJing, O = rancher, OU = info technology, CN = duke, emailAddress = xxxx@126.com
没有报错,证书鉴权正确
verify return:1
---
Certificate chain
0 s:/C=CN/ST=NanJing/L=NanJing/O=rancher/OU=info technology/CN=duke/emailAddress=xxxx@126.com
i:/C=CN/ST=NanJing/L=NanJing/O=rancher/OU=info technology/CN=duke/emailAddress=xxxx@126.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF6TCCA9GgAwIBAgIJALx+htau6IhyMA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD
VQQGEwJDTjEQMA4GA1UECAwHTmFuSmluZzEQMA4GA1UEBwwHTmFuSmluZzEQMA4G
A1UECgwHcmFuY2hlcjEYMBYGA1UECwwPaW5mbyB0ZWNobm9sb2d5MQ0wCwYDVQQD
DARkdWtlMRwwGgYJKoZIhvcNAQkBFg1oenc5N0AxMjYuY29tMB4XDTE4MTIyNDA2
MTU0OVoXDTE5MTIyNDA2MTU0OVowgYoxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdO
YW5KaW5nMRAwDgYDVQQHDAdOYW5KaW5nMRAwDgYDVQQKDAdyYW5jaGVyMRgwFgYD
VQQLDA9pbmZvIHRlY2hub2xvZ3kxDTALBgNVBAMMBGR1a2UxHDAaBgkqhkiG9w0B
CQEWDWh6dzk3QDEyNi5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQCwxjnhRPlbrfr+wsxtDgK8MOBSPSoqpeEl6j8LoV+UFwWKlIZH9Qc82nV2/OVZ
AZUP1UZ/syJlup3e8gus9UvltAuGvMZdGGeVtWqRCoEbpSgaehpspbC8yL7UOx5P
TafDqyLuP5jZ4/xskpCXvsUbtDYDs1/9H5yVP4yAsZtsGFfdxx4Ztyger5SEFYwj
hHdGhrgMk1Zj3f2CJu0iPDqRP2dxJp0/+Hc3MrKrkXd8/BLEWHiKL7GhQZRPEqYc
TZYwtooXEqwvJBgi02VTn+SGQLKi9ekYNdUyLAp3qO1FC/G9OiIKjy625+umlgZX
V06Uy5NnbrAmqkUJwN/q+jt/GsJYgOPn2PdylvIx2T+x3bh+VGj2lY8NztkDV5/1
6FCoIt7xTfOJMfCuGqHfHYAAG+QmC1W+qX04HFeMrJcTG2RSW/g6dKUFI3k+fzhU
IqHqeQgTc9Pg1zJtWDzNyMZYgcxvS3J5TBrSUIXuKr5oomKEV7+tRUPjEVjjE6tb
1OAQdoahB2IOHcAxKAiutJz5AWQOd+YgWUEx9i33MBNnPZ3JjMof09fbwOO7SuhF
jRob8rKas0jLx2RM7xTMY5KPHiBQ45vSX5MxmSFNNHQlzWUoIoQLVLh5Zylhavjw
Q5zCeXBE8SKrKG49T2j1VgG+I/QnNfshBepfF+7ZzllhmQIDAQABo1AwTjAdBgNV
HQ4EFgQUVYAauWx8AP42NMOq6IDO2g/EK0UwHwYDVR0jBBgwFoAUVYAauWx8AP42
NMOq6IDO2g/EK0UwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAVJFO
tmkav5obqDDYoGeTOUBHZl1Iu6A0L0P+aL9506Vj+2vGkfG3QegwLMX1Yqs7OW2t
FSJZ9TVGdL6FvCvT4+We+k5otmxg/Mo767NTioSjStIRD024ZY00rUezHBk7nodU
WdRcIfcmGjLf3XTWZzriKDghyH82C6L6FMx043ETDbsfBKGFWY9LyTKb6JNHNhU6
ycdzO7AdPaJMJ17WpZTHWJZDzX+Xeep29RP4+nRpVmuTEGY4IQGLNJ7PNgS9Pe++
4QF8ZZXsRLljfdetx0A1Yhc8A5b9+NZYQF9cjBsaCOqcwNpI5+hTfsl2As2AFllb
d0j1xGJ4vqlK1wVdkYrvroO2guXfkDXse2lfKUfDDfrTRNfUysUyawUSt92TiNUU
NaIILtyiE6D20mLwJe/JkyydrTemuqXD/OFxKnBT0KjTPr5JTCHvBKnYBgXEq2yd
zsrR9fjeaktPxoWBNtN8VAFtadjso40FnFloqgBNRKuUSq17QZxppVTGy+DDbUAW
OeIZAy+nvpisNqA9UmG2SbqSSUVuaWK1e9QIayFMEA/ytn5rSVYXTXF4FFT46lOK
LCfeEOAI6owAbPOCP503f+4HeKJ7dzNbkGC2hCodrur26oflFroZ6tV6i5qjvoKc
AblLKT3tuY4IhOPSjlueF0OfpLZTTBhXQ3M7xZA=
-----END CERTIFICATE-----
subject=/C=CN/ST=NanJing/L=NanJing/O=rancher/OU=info technology/CN=duke/emailAddress=xxxx@126.com
issuer=/C=CN/ST=NanJing/L=NanJing/O=rancher/OU=info technology/CN=duke/emailAddress=xxxx@126.com
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2464 bytes and written 450 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: A6C098FEBD7A744A4B7698949AAD54C4A56B362EA357BA0F2EE66335E3584691
Session-ID-ctx:
Master-Key: EFCAB47D6C3F3132B93AE60A45CF5F7776240108617CCD29894F509710D80038A08B6A0A802AF7825ECD74698D551D34
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - c7 bb 8d 3d cf cb cc 5c-61 2d 75 79 63 b0 39 57 ...=...\a-uyc.9W
0010 - 50 df ce 95 3d 8f 24 aa-4c 80 0b 4d 8e 6f b3 af P...=.$.L..M.o..
0020 - e4 66 f7 dd ea b6 45 76-17 3e eb 7b 3e 77 52 17 .f....Ev.>.{>wR.
0030 - 33 e4 d3 54 5e d2 0d ab-ed 73 54 df ab 22 3d cd 3..T^....sT.."=.
0040 - 56 8d f8 9e c4 cd 83 33-8f f5 a2 91 68 ea cf cd V......3....h...
0050 - 2a e7 f2 3f 8e c6 e1 b8-a5 f3 28 92 98 70 01 d8 *..?......(..p..
0060 - fd ad 08 aa ae 6b 4d ff-7f 2f 6f b6 63 23 33 4d .....kM../o.c#3M
0070 - 94 18 f2 a7 01 a8 c6 bc-a3 c5 d3 6f 71 39 f0 d0 ...........oq9..
0080 - 9b 99 cf 5f 79 01 c0 2d-b8 69 40 15 ea ae c1 77 ..._y..-.i@....w
0090 - f0 77 72 ba 52 b9 6c b7-56 c8 a9 f2 f4 67 82 45 .wr.R.l.V....g.E
00a0 - ee 41 86 1f b9 97 66 2b-66 17 6c 81 b2 92 88 8a .A....f+f.l.....
00b0 - ba 96 63 75 97 f3 63 4f-4b a4 9c ab 3f b7 8c db ..cu..cOK...?... Start Time: 1545637270
Timeout : 300 (sec)
Verify return code: 0 (ok)
---

简单使用OpenSSL生成密钥的更多相关文章

  1. 使用openssl生成密钥、加密和签名

    openssl genrsa -out rsakey.pem 1024  //生成1024bit的RSA密钥,并保存到rsakey.pem,此处未对密钥进行加密 openssl genrsa -aes ...

  2. openssl生成密钥/证书

    一.公钥/私钥/签名/验证签名/加密/解密/非对称加密 对称加密:用同一个密码  加密/解密  文件. 非对称加密:加密用的一个密码,解密用另外一组密码. 加密解密:公钥加密数据,然后私钥解密. 公钥 ...

  3. PHP通过OpenSSL生成证书、密钥并且加密解密数据,以及公钥,私钥和数字签名的理解

    一.公钥加密假设一下,我找了两个数字,一个是1,一个是2.我喜欢2这个数字,就保留起来,不告诉你们(私钥),然后我告诉大家,1是我的公钥. 我有一个文件,不能让别人看,我就用1加密了.别人找到了这个文 ...

  4. .NET使用OpenSSL生成的pem密钥文件

    NET要使用OpenSSL生成的pem密钥文件,网上资料很少(http://www.faqs.org/rfcs/rfc1421.html,RFC1421文件又老长老长),仅有的资料还是有错误的,所以今 ...

  5. 用 OPENSSL 生成不同格式的密钥

    用 OPENSSL 生成不同格式的密钥 密钥 key 值包括 加密算法: RSA/DSA/ECC 加密位数: 1024/2048/4096 密钥口令:加密方式有很多 在使用 DSA/ECC 加密算法时 ...

  6. .NET导入openssl生成的公钥之BEGIN RSA PUBLIC KEY

    .NET导入openssl生成的公钥之BEGIN RSA PUBLIC KEY 我得到了一个公钥,形式如下 -----BEGIN RSA PUBLIC KEY----- MIGJAoGBAMroxz3 ...

  7. 用Keytool和OpenSSL生成和签发数字证书

    一)keytool生成私钥文件(.key)和签名请求文件(.csr),openssl签发数字证书      J2SDK在目录%JAVA_HOME%/bin提供了密钥库管理工具Keytool,用于管理密 ...

  8. openssl生成pem,密钥证书的创建

    使用OpenSSL生成证书 首先得安装OpenSSL软件包openssl,安装了这个软件包之后,我们可以做这些事情: o Creation of RSA, DH and DSA Key Paramet ...

  9. openssl 生成证书基本原理

    摘自:http://blog.csdn.net/oldmtn/article/details/52208747 1. 基本原理 公司一个项目要进行交易数据传输,因为这个项目银行那边也是刚刚开始启动,所 ...

随机推荐

  1. Linux 笔记 - 第二十一章 配置 NFS 服务

    一.前言 NFS(Network File System,网络文件系统),主要功能是通过网络(一般是局域网)让不同的主机系统之间可以共享文件或目录.NFS 客户端(一般为应用服务器,例如web)可以通 ...

  2. linux 操作系统级别监控 iostat 命令

    iostat命令可以查看当前机器磁盘io的数据 命令:iostat -x -k 1 -x:展示磁盘的扩展信息 -k:以k为单位展示磁盘数据 1:每1秒刷新一次 展示结果 util:磁盘IO使用率,单位 ...

  3. springcloud config配置读取优先级

    情景描述 最近在修复Eureka的静态页面加载不出的缺陷时,最终发现是远程GIT仓库将静态资源访问方式配置给禁用了(spring.resources.add-mappings=false).虽然最后直 ...

  4. DOM之事件(一)

    DOM事件,就是浏览器或用户针对页面可以做出的某种动作,我们称这些动作为DOM事件.它是用户和页面交互的核心.当动作发生(事件触发)时,我们可以为其绑定一个或多个事件处理程序(函数),来完成我们想要实 ...

  5. SpringBoot官方文档学习(一)开发你的第一个Spring Boot应用

    一些准备工作: 本节介绍如何开发一个简单的“ Hello World!” Web应用程序,该应用程序重点介绍Spring Boot的一些关键功能.我们使用Maven来构建该项目,因为大多数IDE都支持 ...

  6. Spring Boot 2.x基础教程:构建RESTful API与单元测试

    首先,回顾并详细说明一下在快速入门中使用的@Controller.@RestController.@RequestMapping注解.如果您对Spring MVC不熟悉并且还没有尝试过快速入门案例,建 ...

  7. logcat粗略了解(一)

    Logcat Logcat介绍:logcat是android的一个命令行工具,用于的到程序的log信息 Logcat命令格式: [adb] logcat [<option>]…[<f ...

  8. Spring MVC 梳理 - handlerMapping和handlerAdapter分析

    参考图片 综上所述我们来猜测一下spring mvc 中根据URL找到处理器Controller中相应方法的流程 ①:获取Request的URL ②:从UrlLookup这个map中找到相应的requ ...

  9. 读《深入理解Elasticsearch》点滴-查询评分

    计算文档得分的因子: 文档权重(document boost):索引期赋予某个文档的权重值 字段权重(field boost):查询期赋予某个文档的权重值 协调因子(coord):基于文档中词项个数的 ...

  10. spring系列常用注解

    常见注解使用 - @SpringBootApplication,springboot的核心注解,用于开启自动配置,等效于@Configuraion.@ComponentScan和@EnableAuto ...