  To generate a certificate using OpenSSL under Linux
  Add Date : 2017-08-31      
  Building OpenSSL produces a library and a set of command-line programs; these include the encryption / decryption algorithm tests, the openssl program, and the ca program. With openssl and ca you can generate the certificate files and CA files used in C / S (client / server) mode.

Steps to generate certificate file:

First, the server

1. Generate the server-side private key (key file);

openssl genrsa -des3 -out server.key 1024

You are asked for a password, which is used to encrypt the key file (the des3 parameter selects the encryption algorithm; you can also use other algorithms). Every later read of this file, whether through the openssl command or through the API, requires that password. If you do not want a password, you can remove it with the following command:

openssl rsa -in server.key -out server.key

2. Generate a server-side certificate signing request file (csr file);

openssl req -new -key server.key -out server.csr

This generates the Certificate Signing Request (CSR). The csr file is then given to the CA to sign, which produces the server's own certificate. Prompts appear on the screen; follow them step by step and enter the requested information (such as country, province, city, company, etc.).

Second, the client

1. Use the same commands to generate the key and csr file for the client;

openssl genrsa -des3 -out client.key 1024

openssl req -new -key client.key -out client.csr

Third, generate the CA certificate file

The server.csr and client.csr files must be signed by a CA to become certificates.

1. First generate the CA key file:

openssl genrsa -des3 -out ca.key 1024

2. Generate a CA self-signed certificate:

openssl req -new -x509 -key ca.key -out ca.crt

You can add a certificate expiration time option "-days 365".

Fourth, sign with the CA certificate

Use the generated CA certificate to sign the server.csr and client.csr files, with the help of the CA.pl file that ships with openssl.

1. When prompted for an existing certificate file, enter the ca.crt certificate file that was generated above;

CA.pl -newca

2. Generate the server certificate file

openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cnf

3. Generate the client certificate file

openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnf

Make sure that openssl.cnf is in the current directory; this file can be found in the apps directory.

Fifth, possible errors

Error 1:

Error loading the config file 'openssl.cnf'

Locate the file and copy it into the current directory:

find . -name "openssl.c*"

cp /usr/local/ssl/openssl.cnf ./

Error 2:


touch demoCA/serial

echo "00" > demoCA/serial
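
The whole procedure above, run non-interactively in a scratch directory and followed by the checks worth making before a certificate is deployed. This is an added example, not part of the original article. Assumptions: the function names, subject names and the minimal openssl.cnf are constructed for illustration; keys are 2048-bit instead of the article's 1024 and are written without -des3 so that no password prompt appears; the serial starts at 01 instead of 00.

```shell
# Added example; function names, CNs and config section names are constructed.
# Usage: d=$(mktemp -d); build_pki "$d" && check_cert "$d" server && echo OK
build_pki() (   # subshell body: cd and umask stay local to the function
    umask 077   # keys are written without a passphrase here, so restrict file mode
    mkdir -p "$1/demoCA/newcerts" && cd "$1" || exit 1
    # Minimal openssl.cnf in the working directory, as "openssl ca -config" expects.
    cat > openssl.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./demoCA
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
default_md = sha256
default_days = 365
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
    : > demoCA/index.txt && echo "01" > demoCA/serial   # state files "openssl ca" needs
    openssl genrsa -out ca.key 2048 2>/dev/null || exit 1
    openssl req -new -x509 -days 365 -key ca.key -out ca.crt \
        -subj "/CN=Example Test CA" -config openssl.cnf || exit 1
    for name in server client; do   # key, CSR, then CA signature for each side
        openssl genrsa -out "$name.key" 2048 2>/dev/null || exit 1
        openssl req -new -key "$name.key" -out "$name.csr" \
            -subj "/CN=$name.example.test" -config openssl.cnf || exit 1
        openssl ca -batch -notext -in "$name.csr" -out "$name.crt" -cert ca.crt \
            -keyfile ca.key -config openssl.cnf 2>/dev/null || exit 1
    done
)

# Pre-deployment checks: the chain validates and the key belongs to the certificate.
check_cert() (
    cd "$1" || exit 1
    openssl verify -CAfile ca.crt "$2.crt" >/dev/null 2>&1 || exit 1
    cert_pub=$(openssl x509 -in "$2.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2.key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
)
```

check_cert returns non-zero when the certificate does not chain to ca.crt or when the private key and certificate do not belong together, the two mistakes most often made when files from several runs are mixed.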
