Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Server \ To generate a certificate using OpenSSL under Linux     - ORA-00600: internal error code, arguments: [keltnfy-ldmInit], [46], [1], [], [], [], [], [] (Database)

- Intel Graphics Installer 1.0.3 released, support for Ubuntu (Linux)

- Error code: 2013 Lost connection to MySQL server during query (Database)

- MySQL master-slave delay problem (Database)

- FastDFS installation and deployment (Server)

- How to use the Docker Machine cluster deployment Swarm (Server)

- DB2 table space is redirected to restore the database combat (Database)

- Install Visual Studio Code in Ubuntu (Linux)

- Acting on JavaScript events (Programming)

- MySQL password on those things you should know (Database)

- Linux RPM default installation path (Linux)

- Install Java on RHEL6 (Linux)

- Setting CentOS firewall open port (Linux)

- Three details reflect the Unix system security (Linux)

- Encounter ORA-00600: internal error code, arguments: [4194] ORA-1552 (Database)

- Ubuntu uses the / etc / profile file to configure the JAVA environment variable (Linux)

- Let Linux operating system more secure (Linux)

- Oracle archive log size than the size of the online journal of the much smaller (Database)

- How to install Zephyr Test Management Tools on CentOS 7.x (Server)

- Windows 8.1 and Ubuntu 14.04 dual system uninstall Ubuntu Tutorial (Linux)

  To generate a certificate using OpenSSL under Linux
  Add Date : 2017-08-31      
  Using OpenSSL generated library and command program, the generated command program includes the encryption / decryption algorithm test, openssl program, ca program. With openssl, ca can be used for C / S mode certificate files and CA files.

Steps to generate certificate file:

First, the server

1. Generate the server-side private key (key file);

Openssl genrsa -des3 -out server.key 1024

The password is used to encrypt the key file (parameter des3 is the encryption algorithm, you can also use other security algorithms), later need to read this file (through openssl provided by the command or API) are required to enter If you do not want a password, you can use the following command to remove the password:

Openssl rsa -in server.key -out server.key

2. Generate a server-side certificate signing request file (csr file);

Openssl req -new -key server.key -out server.csr

Generate the Certificate Signing Request (CSR), the generated csr file to the CA signature to form the server's own certificate.There will be a prompt on the screen, follow the prompts step by step to enter the requested personal information (such as: Country, province, city , Company, etc.).

Second, the client

1. The same order for the client to generate key and csr file;

Openssl genrsa -des3 -out client.key 1024

Openssl req -new -key client.key -out client.csr

Third, generate the CA certificate file

The server.csr and client.csr files must have a CA signature to form the certificate.

1. First generate the CA key file:

Openssl genrsa -des3 -out ca.key 1024

2. Generate a CA self-signed certificate:

Openssl req -new -x509 -key ca.key -out ca.crt

You can add a certificate expiration time option "-days 365".

Fourth, the use of CA certificate signature

With the generated CA certificate for the server.csr, client.csr file signature, the use of openssl in the CA.pl file

1. When prompted for an existing certificate file, enter the ca.crt certificate file that was generated above;

Ca.pl -newca

2. Generate the server certificate file

Openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cnf

3. Generate the client certificate file

Openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cnf

Must ensure that openssl.cnf in the current directory, this file can be found in the apps directory.

Fifth, the possible errors

Error 1:

Error loading the config file 'openssl.cnf'


Find. -name "openssl.c *"

Cp /usr/local/ssl/openssl.cnf ./

Error 2:


Touch demoCA / serial

Echo "00"> demoCA / serial

OpenSSL provides FTP + SSL / TLS authentication
- Teach you how to synchronize Microsoft OneDrive in Linux (Linux)
- Seven kinds of DDoS attack methods and techniques Defensive (Linux)
- MySQL 5.7.10 source code for the latest version of the installation process in detail (Database)
- To build PHP environment (Nginx + MariaDB + PHP7) under CentOS 6.5 (Server)
- Oracle 10g relations with the constraint of column properties NULLABLE (Database)
- Java objects to garbage collection (Programming)
- Linux gprof oprofiling and performance testing tools (Linux)
- The principle Httpclient4.4 (execution request) (Programming)
- Linux install the Java Runtime Environment and the output Hello World under (CentOS) (Linux)
- Mongo-connector integrated MongoD to achieve incremental Solr index (Server)
- Restrict console access to Linux servers to improve security (Linux)
- Linux Getting Started tutorial: build your own Vim (Linux)
- Why learn and use C language (Programming)
- Use PuTTY to access the virtual machine Linux under Windows xp (Programming)
- JSON data normalization (normalize) (Programming)
- Three kinds of implementation model of the Linux thread history (Programming)
- Linux Bash share tips for getting started (Linux)
- How to use Aptik to backup and restore Apps/PPAs under ubuntu (Linux)
- JavaScript: understanding regular expressions (Programming)
- Nginx version information hidden or modified (Server)
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.