openssl req和x509命令及配置文件
来源:互联网 发布:php在线帮助文档系统 编辑:程序博客网 时间:2024/06/06 10:38
1. req 命令及配置
openssl req -utf8 -new -config client/req.cnf -key client/client-key.pem -sha1 -out client/client-req.csr
client/req.cnf文件内容:
[req]
prompt = no
distinguished_name = dn
input_password = 123456
[dn]
O = 企业名称
1.OU = 部门名称1
2.OU = 部门名称2
emailAddress = 邮箱地址
CN = 用户名称
2. x509命令及配置
openssl x509 -req -in client/client-req.csr -out client/client-cert.pem -extfile client/x509.cnf -sha1 -CA ca/ca-cert.pem -CAkey ca/ca-key.pem -CAcreateserial -days 365
client/x509.cnf文件内容:
extensions = ext
[ext]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
#subjectAltName = otherName:1.3.6.1.4.1.311.20.2.3;UTF8:名称
#subjectAltName = DNS:www.feistyduck.com,DNS:feistyduck.com
subjectAltName = @alt_names
[alt_names]
#DNS.1 = www.foo.com
#DNS.2 = www.bar.org
#IP.1 = 192.168.1.1
#IP.2 = 192.168.69.144
#email = test@test.com
otherName = 1.3.6.1.4.1.311.20.2.3;UTF8:名称
3. 证书生成完整命令
// 生成ca证书
// 生成密钥
openssl genrsa -out ca/ca-key.pem 2048
openssl dsaparam -out ca/dsa.pem 2048
openssl gendsa -out ca/ca-key.pem ca/dsa.pem
// 生成请求
openssl req -utf8 -new -config ca/ca.cnf -key ca/ca-key.pem -sha1 -out ca/ca-req.csr
// 查看请求(可选)
openssl req -text -in ca/ca-req.csr -noout
// 自签署证书
openssl x509 -req -in ca/ca-req.csr -out ca/ca-cert.pem -signkey ca/ca-key.pem -sha1 -days 365
// 检查证书(可选)
openssl x509 -text -in ca/ca-cert.pem -noout
// 导出证书
openssl pkcs12 -export -clcerts -in ca/ca-cert.pem -inkey ca/ca-key.pem -out ca/ca.p12
openssl genrsa -out ca/ca-key.pem 2048
openssl req -utf8 -new -config ca/ca.cnf -key ca/ca-key.pem -sha1 -out ca/ca-req.csr
openssl x509 -req -in ca/ca-req.csr -out ca/ca-cert.pem -signkey ca/ca-key.pem -sha1 -days 365
openssl pkcs12 -export -clcerts -in ca/ca-cert.pem -inkey ca/ca-key.pem -out ca/ca.p12
// 生成client证书
// 生成密钥
openssl genrsa -out client/client-key.pem 2048
// 生成请求
openssl req -utf8 -new -config client/req.cnf -key client/client-key.pem -sha1 -out client/client-req.csr
// 查看请求(可选)
openssl req -text -in client/client-req.csr -noout
// 自签署证书
openssl x509 -req -in client/client-req.csr -out client/client-cert.pem -extfile client/x509.cnf -sha1 -CA ca/ca-cert.pem -CAkey ca/ca-key.pem -CAcreateserial -days 365
// 检查证书(可选)
openssl x509 -text -in client/client-cert.pem -noout
// 导出证书
openssl pkcs12 -export -clcerts -in client/client-cert.pem -inkey client/client-key.pem -out client/client.p12
openssl genrsa -out client/client-key.pem 2048
openssl req -utf8 -new -config client/req.cnf -key client/client-key.pem -sha1 -out client/client-req.csr
openssl x509 -req -in client/client-req.csr -out client/client-cert.pem -extfile client/x509.cnf -sha1 -CA ca/ca-cert.pem -CAkey ca/ca-key.pem -CAcreateserial -days 365
openssl pkcs12 -export -clcerts -in client/client-cert.pem -inkey client/client-key.pem -out client/client.p12
- openssl req和x509命令及配置文件
- OpenSSL命令---req
- OpenSSL命令--x509
- openssl的x509命令简单入门
- openssl req 证书请求及自签名证书
- openssl req 证书请求及自签名证书
- openssl简介-指令x509
- OpenSSL之X509系列
- OPENSSL X509证书验证
- OPENSSL X509证书验证
- openssl gmssl x509 证书
- openssl简介-指令req
- Openssl生成导入X509证书
- openssl简介-指令x509
- iOS中使用Openssl X509证书进行字符串签名和验签
- OpenSSL生成v3证书方法及配置文件
- Openssl 对x509证书有效性进行验证
- 获取 X509 证书的 Version 信息 (openssl)
- OpenGL超级宝典Windows + VS2013开发环境配置
- Google分析统计
- 2.RPC框架的简单实现(定义自己的ldubbo命名空间)
- 我的博客发表练习
- subic项目总结(二)-quartz中的三种JobStore
- openssl req和x509命令及配置文件
- 1007. 素数对猜想 (20)
- 反汇编定位代码崩溃位置_4
- 解决listview中的textview设置了setMovementMethod导致onItemclick无效的问题
- OPatch failed with error code 73
- c#映射数据库中表的实体类
- hdu 4345 Permutation(dp)
- css 中 强制不换行和超出省略
- scss中文注释