  Use OpenSSL to generate a certificate detailed process
     
  Add Date : 2017-08-31      
         
         
         
  Use OpenSSL to generate a certificate

Download and install OpenSSL, change into its bin/ directory, and run the commands below there (first copy openssl.cnf from the ssl directory into the bin directory).

1. First, generate the server's private key (key file):

openssl genrsa -des3 -out server.key 1024

[root@airwaySSL openssl]# cd ssl/
[root@airwaySSL ssl]# pwd
/home/openssl/ssl
[root@airwaySSL ssl]# ls
certs man misc openssl.cnf private server.csr server.key

At run time you will be prompted for a passphrase, which is used to encrypt the key file (the -des3 option selects the encryption algorithm; you can of course choose another algorithm you consider secure). From then on, the passphrase must be entered whenever the file is read, whether by an openssl command or through the API. If that is inconvenient, the passphrase can be removed, but be sure to take other protective measures!

Command to remove the passphrase from the key file:

openssl rsa -in server.key -out server.key

2. Generate the server's Certificate Signing Request (CSR):

openssl req -new -key server.key -out server.csr -config openssl.cnf

[root@airwaySSL bin]# openssl req -new -key server.key -out server.csr -config openssl.cnf
Enter pass phrase for server.key: 12345
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: CN
State or Province Name (full name) [Some-State]: china
Locality Name (eg, city) []: wuhan
Organization Name (eg, company) [Internet Widgits Pty Ltd]: airway
Organizational Unit Name (eg, section) []: airway
Common Name (eg, YOUR name) []: airway
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

 

This produces the Certificate Signing Request (CSR). The generated csr file is handed to a CA, whose signature turns it into the server's own certificate. The command prompts on screen; follow its instructions step by step and enter the requested information.

3. Generate the client's key and csr files with the same commands:

openssl genrsa -des3 -out client.key 1024

Generating RSA private key, 1024 bit long modulus
...........++++++
..++++++
e is 65537 (0x10001)
Enter pass phrase for client.key: 12345
Verifying - Enter pass phrase for client.key: 12345

openssl req -new -key client.key -out client.csr -config openssl.cnf

[root@airwaySSL bin]# openssl req -new -key client.key -out client.csr -config openssl.cnf
Enter pass phrase for client.key: 12345
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: cn
State or Province Name (full name) [Some-State]: china
Locality Name (eg, city) []: wuhan
Organization Name (eg, company) [Internet Widgits Pty Ltd]: airway
Organizational Unit Name (eg, section) []: airway
Common Name (eg, YOUR name) []: airway
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

 

4. A CSR file must be signed by a CA before it becomes a certificate. You can send the file to VeriSign or a similar authority for verification, but that costs a lot of money, so why not act as your own CA?

openssl req -new -x509 -keyout ca.key -out ca.crt -config openssl.cnf

[root@airwaySSL bin]# openssl req -new -x509 -keyout ca.key -out ca.crt -config openssl.cnf
Generating a 1024 bit RSA private key
...++++++
...................++++++
writing new private key to 'ca.key'
Enter PEM pass phrase: 12345
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: CN
State or Province Name (full name) [Some-State]: china
Locality Name (eg, city) []: wuhan
Organization Name (eg, company) [Internet Widgits Pty Ltd]: airway
Organizational Unit Name (eg, section) []: airway
Common Name (eg, YOUR name) []: airway
Email Address []:

Before continuing, open the openssl.cnf file, check its dir setting and change it to dir = /home/openssl/bin/demoCA/, otherwise the following steps will report that the path cannot be found.

Manually create the CA directory structure:
[Weigw@TEST bin]$ mkdir ./demoCA
[Weigw@TEST bin]$ mkdir demoCA/newcerts
Create an empty file:
[Weigw@TEST bin]$ vi demoCA/index.txt
Write 01 to this file:
[Weigw@TEST bin]$ vi demoCA/serial

5. Use the generated CA certificate to sign the server.csr and client.csr files created earlier:

openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cnf

[root@airwaySSL bin]# openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cnf
Using configuration from openssl.cnf
Enter pass phrase for ca.key:
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Feb 26 04:15:02 2009 GMT
            Not After: Feb 26 04:15:02 2010 GMT
        Subject:
            countryName = CN
            stateOrProvinceName = china
            organizationName = airway
            organizationalUnitName = airway
            commonName = airway
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                30:70:D2:EB:9B:73:AE:7B:0E:8E:F6:94:33:7C:53:5B:EF:93:FC:38
            X509v3 Authority Key Identifier:
                keyid:DB:D6:83:BB:7F:28:C2:A9:40:6A:D8:32:FC:01:E0:5C:48:27:51:19

Certificate is to be certified until Feb 26 04:15:02 2010 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

 

openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnf

[root@airwaySSL bin]# openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnf
Using configuration from openssl.cnf
Enter pass phrase for ca.key:
Check that the request matches the signature
Signature ok
The countryName field needed to be the same in the
CA certificate (CN) and the request (cn)

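In the output above the CA refuses to sign: the client request was entered with Country Name cn in step 3, while the CA certificate has CN, and the CA policy requires the two countryName values to match exactly. Regenerate client.csr with Country Name CN and run the signing command again to obtain client.crt.

Now all the files we need have been generated.

Note:

Files used by the client: ca.crt, client.crt, client.key

Files used by the server: ca.crt, server.crt, server.key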
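
The five steps above, run non-interactively against a throwaway CA in a temporary directory, including the countryName rejection seen in the last transcript. This is an added example, not part of the original article: the minimal openssl.cnf, the subjects and the demo-ca name are constructed, keys are 2048-bit instead of the article's 1024-bit (1024-bit RSA is below current minimum recommendations), and -nodes leaves the keys unencrypted only so the demo runs without prompts.

```sh
#!/bin/sh
# Added example: throwaway private CA; every name and subject here is constructed.

setup_ca() {
  mkdir -p demoCA/newcerts
  : > demoCA/index.txt            # empty certificate database
  echo 01 > demoCA/serial         # first serial number to hand out
  cat > openssl.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./demoCA
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
default_md = sha256
default_days = 365
policy = policy_match
[ policy_match ]
countryName = match
organizationName = match
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
countryName = Country Name (2 letter code)
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
  # Self-signed CA certificate; -nodes leaves the demo key unencrypted.
  openssl req -new -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
    -days 365 -subj "/C=CN/O=airway/CN=demo-ca" -config openssl.cnf 2>/dev/null
}

# issue NAME COUNTRY: create NAME.key and NAME.csr, then have the CA sign the CSR.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/C=$2/O=airway/CN=$1" -config openssl.cnf 2>/dev/null || return 1
  openssl ca -batch -in "$1.csr" -out "$1.crt" -cert ca.crt -keyfile ca.key \
    -config openssl.cnf 2>/dev/null
}

work=$(mktemp -d) && cd "$work" && setup_ca || exit 1
issue server CN && echo "server (C=CN): signed"
issue client cn || echo "client (C=cn): rejected, countryName must match the CA"
issue client CN && echo "client (C=CN): signed"
openssl verify -CAfile ca.crt server.crt client.crt
```

The final openssl verify confirms that both issued certificates chain to ca.crt, which is the check the client and server perform on each other when each is given ca.crt.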
     
         
         
         