# Commonly used openssl commands
# Before running Configure to generate the Makefile, note the following options:
#   --prefix=DIR       install dir
#   --libdir=DIR       install dir for libraries
#   --openssldir=DIR   directory for OpenSSL configuration files, and also the default certificate and key store
# Use no-[option] or enable-[option] to turn a certain feature off or on.

# Variant that encrypts the private key with a passphrase:
# openssl genrsa -des3 -out private.key 2048
# The public key is also contained in private.key.
openssl genrsa -out private.key 2048
openssl req -new -key private.key -out cert.csr -subj "/C=CN/ST=sh/O=Internet Widgits Pty Ltd/CN=www.baidu.com"
# Self-sign the request with its own key
openssl x509 -days 360 -req -in cert.csr -signkey private.key -out cert.crt
openssl x509 -in cert.crt -noout -text
# One-step alternative (key and self-signed certificate in a single command):
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out cert.crt -subj "/C=CN/ST=sh/O=Internet Widgits Pty Ltd/CN=www.baidu.com" -extensions v3_ca

# CA
# 1) For a self-signed certificate, a single command is enough:
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out cert.crt -subj "/C=CN/ST=sh/O=Internet Widgits Pty Ltd/CN=www.baidu.com" # -extensions v3_ca
# 2) Otherwise the certificate is signed by a CA, so we must build a CA first.
echo "create CA"
# Directory layout expected by the default [ CA_default ] section of openssl.cnf (dir = ./demoCA)
mkdir demoCA
cd demoCA
mkdir certs crl private newcerts
touch index.txt index.txt.attr
echo "01" > serial
cd ..
openssl genrsa -out demoCA/private/cakey.pem 2048
openssl req -new -key demoCA/private/cakey.pem -out cert.csr -subj "/C=CN/ST=sh/O=Internet Widgits Pty Ltd/CN=www.baidu.com"
# "yes" answers the confirmation prompts of openssl ca
yes|openssl ca -selfsign -in cert.csr -extensions v3_ca
# The CA certificate was issued with serial 01
cp demoCA/newcerts/01.pem demoCA/cacert.pem
echo "Done"

# The default policy (policy_match) requires these fields of the request to match the CA's
echo "using CA to sign a certificate, same countryName, provinceName, organizationName"
openssl genrsa -out private.key 2048
openssl req -new -key private.key -out cert.csr -subj "/C=CN/ST=sh/O=Internet Widgits Pty Ltd/CN=www.bing.com"
# No -out is given: the signed certificate is printed and stored as demoCA/newcerts/02.pem
yes|openssl ca -in cert.csr

# Install the CA or certificates into openssl's default store.
# If we don't do so, we have to pass -CAfile or -CApath to specify the CA when testing.

sudo cp demoCA/newcerts/01.pem /usr/local/ssl/certs
cd /usr/local/ssl/certs
# -CApath lookup finds certificates through <subject-hash>.0 symlinks
sudo ln -s 01.pem "$(openssl x509 -noout -hash -in 01.pem).0"
openssl verify -CApath ./ 01.pem

# Test
# key.pem / cert.pem: a private key and its CA-signed certificate (e.g. private.key and demoCA/newcerts/02.pem from above)
# -Verify 2: the client must present a certificate; maximum chain depth 2
openssl s_server -key key.pem -cert cert.pem -CAfile demoCA/cacert.pem -accept 44330 -www -Verify 2
# or test through a browser
# here we can generate another certificate for the client
openssl s_client -key key.pem -cert cert.pem -CAfile demoCA/cacert.pem -connect localhost:44330

# Add extensions to a certificate,
# or create an extension file:
# https://comm.support.ca.com/kb/adding-custom-x509-extensions-to-certificate-signing-requests/kb000042912

# Is the common name mandatory?
# https://security.stackexchange.com/questions/55414/is-the-common-name-mandatory-for-digital-certificates
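
Added example (not part of the original notes): the extension-file approach and the common-name question from the two links above, run against a throwaway CA. The leaf certificate has no CN and carries its host name only in subjectAltName, and `openssl verify -verify_hostname` still accepts it for that name. It signs with `openssl x509 -req -CA` rather than the `openssl ca` / demoCA setup so that it does not depend on the system openssl.cnf; the names www.example.test, Example Test CA and ext.cnf are constructed.

```shell
#!/bin/sh
# Added example; every name and file below is constructed for the demo.
build_demo_pki() (              # $1 = working directory; body runs in a subshell
    cd "$1" || exit 1
    # Extension file: one section per certificate type.
    cat > ext.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
# [dn] only has to exist for "openssl req"; -subj overrides its content
[dn]
O = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.example.test
EOF
    # Throwaway CA: key plus self-signed certificate with the v3_ca section.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config ext.cnf \
        -extensions v3_ca -subj "/CN=Example Test CA" \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    # Leaf request whose subject has no CN at all.
    openssl req -new -newkey rsa:2048 -nodes -config ext.cnf \
        -subj "/O=Example Org" -keyout leaf.key -out leaf.csr 2>/dev/null || exit 1
    # The signer applies the extensions from the file; extensions requested
    # in a CSR are not copied into the certificate by default.
    openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 1 -extfile ext.cnf -extensions v3_leaf -out leaf.crt 2>/dev/null
)

check_host() {                  # $1 = directory, $2 = host name; status 0 = chain and name verify
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" \
        "$1/leaf.crt" >/dev/null 2>&1
}

work=$(mktemp -d)
build_demo_pki "$work" || echo "PKI build failed"
check_host "$work" www.example.test   && echo "www.example.test: accepted"
check_host "$work" other.example.test || echo "other.example.test: rejected"
```
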

  
