openssl证书请求和自签名
来源:互联网 发布:基金软件手机版 编辑:程序博客网 时间:2024/06/05 08:13
### 目录
- 概念
- PKICAX509
- 证书获取
- 获取证书两种方法
- 安全协议
- SSL和TLS协议
- OpenSSL
- OpenSSL开源项目
- OpenSSL命令
- 对称加密enc
- 单向加密dgst
- 生成用户密码和随机数
- 生成密码对儿man genresa
- 随机数生成器伪随机数字
- 建立私有CA
- 创建所需要的文件
- CA自签证书
- 生成自签名证书
- 生成证书的各字段详解
- 证书申请过程
- 证书申请及签署步骤
- 创建CA和申请证书
- 在需要使用证书的主机生成证书请求
- RA核验与CA签署
- 获取证书
- 吊销证书
- 在客户端获取要吊销的证书的serial
- 在CA上根据客户提交的serial与subject信息对比检验是否与indextxt文件中的信息一致吊销证书
- 指定第一个吊销证书的编号
- 更新证书吊销列表
- 概念
概念:
PKI、CA、X.509
PKI: Public Key Infrastructure
公开密钥基础建设: 是一组由硬件、软件、参与者、管理政策与流程组成的基础架构,其目的在于创造、管理、分配、使用、存储以及撤销数字证书。
X.509: 是由ITU-T为了公开密钥基础建设(PKI)与授权管理基础建设(PMI)提出的产业标准。X.509标准,规范了公开密钥认证、证书吊销列表、授权证书、证书路径验证算法等。
CA: 数字证书认证机构(英文全称:Catificate Authority)。主要负责:证书发放、证书更新、证书撤销和证书验证。
证书获取
获取证书两种方法:
使用证书授权机构
- 生成签名请求(csr
)
- 将csr
发送给CA
- 从CA
处接收签名
自签名的证书
- 自已签发自己的公钥
安全协议
SSL和TLS协议
SSL(Secure Sockets Layer 安全套接层),及其继任者传输层安全(Transport Layer Security,TLS)是为网络通信提供安全及数据完整性的一种安全协议。TLS与SSL在传输层对网络连接进行加密。
Handshake
协议:包括协商安全参数和密码套件、服务器身份认证(客户端身份认证可选)、密钥交换ChangeCipherSpec
协议:一条消息表明握手协议已经完成Alert
协议:对握手协议中一些异常的错误提醒,分为fatal``和``warning``两个级别,
fatal类型错误会直接中断
SSL链接,而
warning级别的错误
SSL`链接仍可继续,只是会给出错误警告Record
协议:包括对消息的分段、压缩、消息认证和完整性保护、加密等HTTPS
协议:就是“HTTP 协议”
和“SSL/TLS 协议
”的组合。HTTP over SSL”
或“HTTP over TLS”
,对http
协议的文本数据进行加密处理后,成为二进制形式传输
OpenSSL
OpenSSL:开源项目
OpenSSL
是一个安全套接字层密码库,囊括主要的密码算法、常用的密钥和证书封装管理功能及SSL
协议,并提供丰富的应用程序供测试或其它目的使用。
三个组件:
openssl
: 多用途的命令行工具,包openssl
libcrypto
: 加密算法库,包openssl-libs
libssl
:加密模块应用库,实现了ssl
及tls
,包nss
OpenSSL命令:
- 两种运行模式:交互模式和批处理模式
openssl version
:查看OpenSSL
程序版本号- 标准命令:enc
(对称加密),
ca(签署证书),
req`(生成自签名证书), …
对称加密enc:
- 工具:
openssl enc
,gpg
- 算法:
3des
,aes
,blowfish
,twofish
enc
命令: - 帮助:
man enc
加密:
openssl enc -e -des3 -a -salt -in testfile -out testfile.cipher
[root@centos7 app]# openssl enc -e -des3 -a -salt -in testfile -out testfile.cipher #<==使用des3算法对testfile文件加密,输出为testfile.cipher enter des-ede3-cbc encryption password: #<==输入密码Verifying - enter des-ede3-cbc encryption password: #<==再次输入密码[root@centos7 app]# cat testfile testfile.cipher #<==查看加密和未加密的文件this is a test fileU2FsdGVkX1/a0QHbk2ol6aB39zpO7+yS2cZ+jI7YqUQiKfGhC4SqZg==
解密:
openssl enc -d -des3 -a -salt –in testfile.cipher-out testfile
[root@centos7 app]# rm -f testfile #<==删除testfile文件[root@centos7 app]# openssl enc -d -des3 -a -salt -in testfile.cipher -out testfile #<==使用des3算法对testfile.cipher文件enter des-ede3-cbc decryption password: #<==输入密码[root@centos7 app]# ls testfile testfile.cipher[root@centos7 app]# cat testfile #<==查看testfile内容和原来是一样的。this is a test file
单向加密dgst
单向加密:
工具:
md5sum
,sha1sum
,sha224sum
,sha256sum
openssl dgst…
dgst命令:
man dgst`
帮助:openssl dgst -md5 [-hex默认] /PATH/SOMEFILE
openssl dgst -md5 testfile
md5sum /PATH/TO/SOMEFILE
[root@centos7 app]# openssl dgst -md5 testfile #<==计算testfile的md5MD5(testfile)= 4221d002ceb5d3c9e9137e495ceaa647[root@centos7 app]# openssl dgst -md5 -hex testfile #<==-hex是转换为16进制(默认)MD5(testfile)= 4221d002ceb5d3c9e9137e495ceaa647 [root@centos7 app]# md5sum testfile #<==计算testfile的md54221d002ceb5d3c9e9137e495ceaa647 testfile
生成用户密码和随机数:
生成用户密码:
passwd
命令:帮助:
man sslpasswd
openssl passwd -1 -salt SALT
(最多8位)openssl passwd -1 –salt centos
[root@centos7 app]# openssl passwd -1 -salt 12345678 #<==生成openssl对passwd密码加密并加盐Password: $1$12345678$tRy4cXc3kmcfRZVj4iFXr/[root@centos7 app]# openssl passwd -1 -salt 123456789 #<==注:盐最多8位,如果输入9位是不显示的Password: $1$12345678$tRy4cXc3kmcfRZVj4iFXr/
生成随机数:
帮助:
man sslrand
openssl rand -base64|-hex NUM
NUM
: 表示字节数;hex
时,每个字符为十六进制,相当于4位二进制,出现的字符数为NUM*2
[root@centos7 app]# openssl rand -hex 16 #<==生成的是32位的随机数5666c7c5f5369120f0c8c3254fa82abe[root@centos7 app]# openssl rand -base64 16 #<==生成的是16位的随机数EHpDSxUBcX/uCvYBfhW61w==[root@centos7 app]# openssl rand -base64 -hex 16 #<==-hex和-base64是不能放在一块使用的Usage: rand [options] num
生成密码对儿:man genresa
生成私钥:
- openssl genrsa -out /PATH/TO/PRIVATEKEY.FILE NUM_BITS
- (umask 077; openssl genrsa –out test.key –des 2048)
从私钥中提取出公钥
- openssl rsa -in PRIVATEKEYFILE –pubout –out PUBLICKEYFILE
Openssl rsa –in test.key –pubout –out test.key.pub
[root@centos7 app]# (umask 077 ; openssl genrsa -out test.key -des3 2048) #<==生成私钥,其权限为600Generating RSA private key, 2048 bit long modulus................................+++.........+++e is 65537 (0x10001)Enter pass phrase for test.key:Verifying - Enter pass phrase for test.key:[root@centos7 app]# openssl rsa -in test.key -pubout -out test.key.pub #<==从私钥中,提取出公钥Enter pass phrase for test.key:writing RSA key[root@centos7 app]# ll #<==查看生成的私钥和提取出来的公钥total 8-rw-------. 1 root root 1751 Sep 9 21:29 test.key-rw-r--r--. 1 root root 451 Sep 9 21:30 test.key.pub
随机数生成器:伪随机数字
键盘和鼠标
块设备中断:cp一个大文件可以生成很多随机数
/dev/random
:仅从熵池返回随机数;随机数用尽,阻塞/dev/urandom
:从熵池返回随机数;随机数用尽,会利用软件生成伪随机数,非阻塞[root@centos6 script]# head /dev/urandom | cksum #<==通过/dev/urandom配合cksum生成随机数1712568099 3350[root@centos6 script]# head /dev/urandom | cksum 1558657086 1998
建立私有CA
openssl
的配置文件:/etc/pki/tls/openssl.cnf
- 三种策略: 匹配、支持和可选
- 匹配指要求申请填写的信息跟
CA
设置信息必须一致, 支持指必须填写这项申请信息, 可选指可有可无
1. 创建所需要的文件
touch /etc/pki/CA/index.txt
生成证书索引数据库文件 echo 01 > /etc/pki/CA/serial
指定第一个颁发证书的序列号
2. CA自签证书
生成私钥 cd /etc/pki/CA/
(umask 066; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
3. 生成自签名证书
openssl req -new -x509 –key
/etc/pki/CA/private/cakey.pem -days 7300 -out /etc/pki/CA/cacert.pem
-new
: 生成新证书签署请求
-x509
: 专用于CA
生成自签证书
-key
: 生成请求时用到的私钥文件
-days n
:证书的有效期限
-out /PATH/TO/SOMECERTFILE
: 证书的保存路径
4. 生成证书的各字段详解:
[root@centos7 ~]# touch /etc/pki/CA/index.txt #<==生成证书索引数据库文件[root@centos7 ~]# echo 01 > /etc/pki/CA/serial #<==指定第一个颁发证书的序列号[root@centos7 ~]# cd /etc/pki/CA/ [root@centos7 CA]# (umask 066 ; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048) #<== 生成私钥Generating RSA private key, 2048 bit long modulus.................................+++......................................+++e is 65537 (0x10001)[root@centos7 CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 7300 -out /etc/pki/CA/cacert.pem #<==生成自签名证书You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:beijing Locality Name (eg, city) [Default City]:haidian Organization Name (eg, company) [Default Company Ltd]:iav18.com Organizational Unit Name (eg, section) []:opt Common Name (eg, your name or your server's hostname) []:ca.iav18.com Email Address []:
证书申请过程:
证书申请及签署步骤:
- 生成申请请求
RA
核验CA
签署- 获取证书
创建CA和申请证书
1. 在需要使用证书的主机生成证书请求
给web
服务器生成私钥
(umask 066; openssl genrsa -out /etc/pki/tls/private/test.key 2048)
生成证书申请文件
openssl req -new -key /etc/pki/tls/private/test.key -days 365 -out etc/pki/tls/test.csr
将证书请求文件传输给CA
[root@centos6 ~]# (umask 066 ; openssl genrsa -out /etc/pki/tls/private/test.key 2048) #<== 生成私钥Generating RSA private key, 2048 bit long modulus...............................................+++..................................................................................................................................+++e is 65537 (0x10001)[root@centos6 ~]# openssl req -new -key /etc/pki/tls/private/test.key -days 365 -out /etc/pki/tls/test.csr #<==生成证书申请文件[root@centos6 ~]# openssl req -new -key /etc/pki/CA/private/test.key -out test.csr You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [XX]:CN #<==此项必须一样State or Province Name (full name) []:beijing #<==此项必须一样Locality Name (eg, city) [Default City]:caoyangOrganization Name (eg, company) [Default Company Ltd]:iav18.com #<==此项必须一样Organizational Unit Name (eg, section) []:optCommon Name (eg, your name or your server's hostname) []:www.ihaiyun.comEmail Address []:Please enter the following 'extra' attributesto be sent with your certificate requestA challenge password []: #<==是否添加密码An optional company name []: #<==公司名称[root@centos6 ~]# scp test.csr 192.168.8.129:/etc/pki/CA #<==将证书请求文件传输给CAroot@192.168.8.129's password: test.csr 100% 1013 1.0KB/s 00:00
2. RA
核验与CA
签署
CA
签署证书
openssl ca -in /tmp/test.csr –out /etc/pki/CA/certs/test.crt -days 365
同一个请求默认是不能签署两次的,修改配文件也能允许修改两次(还未截图,需要截图)
注意:默认国家,省,公司名称三项必须和CA
一致
[root@centos7 CA]# openssl ca -in /etc/pki/CA/test.csr -out /etc/pki/CA/certs/test.crt #<==CA签署认证Using configuration from /etc/pki/tls/openssl.cnfCheck that the request matches the signatureSignature okCertificate Details: Serial Number: 1 (0x1) Validity Not Before: Sep 9 16:31:14 2017 GMT Not After : Sep 9 16:31:14 2018 GMT Subject: countryName = CN stateOrProvinceName = beijing localityName = caoyang organizationName = iav18.com organizationalUnitName = opt commonName = www.ihaiyun.com X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: C6:DC:8C:69:C1:5F:D2:53:D3:F4:74:D7:AE:4F:0D:8E:4E:5D:3B:13 X509v3 Authority Key Identifier: keyid:58:76:AE:27:21:CB:7F:FF:7F:BC:B7:BA:31:72:E2:BF:12:AF:78:6ACertificate is to be certified until Sep 9 16:31:14 2018 GMT (365 days)Sign the certificate? [y/n]:y1 out of 1 certificate requests certified, commit? [y/n]yWrite out database with 1 new entriesData Base Updated[root@centos7 CA]# tree .├── cacert.pem├── certs│ └── test.crt #<==可以看到证书生成到certs目录下├── crl├── index.txt├── index.txt.attr├── index.txt.old├── newcerts│ └── 01.pem #<==此处也是证书├── private│ └── cakey.pem├── serial├── serial.old└── test.csr4 directories, 10 files[root@centos7 CA]# diff certs/test.crt newcerts/01.pem #<==比较这两个文件是相同的
3. 获取证书
安装证书:需要在客户端安装
[root@centos7 CA]# scp certs/test.crt 192.168.8.128:/etc/pki/tls/certs #<==复制证书到客户端root@192.168.8.128's password: test.crt 100% 4508 4.4KB/s 00:00 [root@centos6 ~]# ls -l /etc/pki/tls/certs/test.crt #<==在客户端确认证书是否存在-rw-r--r--. 1 root root 4508 Sep 10 00:17 /etc/pki/tls/certs/test.crt
查看证书中的信息:
openssl x509 -in /PATH/FROM/CERT_FILE -noout -text|issuer|subject|serial|dates
penssl ca -status SERIAL
查看指定编号的证书状态
[root@centos6 ~]# openssl x509 -in /etc/pki/tls/certs/test.crt -text #<==查看证书内容Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=CN, ST=beijing, L=haidian, O=iav18.com, OU=opt, CN=ca.iav18.com Validity Not Before: Sep 9 16:31:14 2017 GMT Not After : Sep 9 16:31:14 2018 GMT Subject: C=CN, ST=beijing, L=caoyang, O=iav18.com, OU=opt, CN=www.ihaiyun.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:de:2c:75:19:dd:13:a2:14:ac:9d:2e:23:59:43: 1e:3e:68:40:2b:0f:98:a4:10:23:9d:62:5e:bb:af: 51:e6:f2:ff:a6:3a:87:df:7c:a7:05:33:7c:16:86: 5d:6b:c7:c6:19:bb:71:2c:1e:0a:3d:13:61:6b:ae: 47:5b:08:b3:66:c7:60:44:5d:14:d9:e0:50:64:26: 40:24:3f:a2:4b:6a:a1:19:e6:6f:5c:76:1e:7e:81: 91:b7:ca:97:66:50:dc:40:4b:2f:3d:d3:1b:b8:26: 79:4d:00:69:d9:8c:51:3e:24:36:14:14:33:a2:86: 57:ed:70:6c:52:b8:0a:c2:5a:51:9b:36:5b:33:72: 79:cd:13:1d:a4:13:64:5b:20:46:04:a2:62:e8:0b: e9:06:5f:04:b4:3a:b9:15:b0:14:f5:a1:5d:29:3a: 71:9c:bb:5b:b5:7a:77:c5:72:fc:b9:79:e9:df:07: 91:6c:df:60:b2:41:72:6b:9d:2c:54:b5:35:dc:84: de:a4:1b:80:15:48:16:40:c2:42:95:bb:ff:0e:d0: 66:22:01:4e:02:30:64:53:13:7a:75:5d:37:58:50: df:33:e7:72:f2:97:66:ac:90:ed:22:73:84:ac:88: c7:dd:0e:1c:86:ce:18:bf:2f:fe:b0:c4:42:bb:a9: b1:a9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: C6:DC:8C:69:C1:5F:D2:53:D3:F4:74:D7:AE:4F:0D:8E:4E:5D:3B:13 X509v3 Authority Key Identifier: keyid:58:76:AE:27:21:CB:7F:FF:7F:BC:B7:BA:31:72:E2:BF:12:AF:78:6A Signature Algorithm: sha256WithRSAEncryption 9a:12:6a:92:f7:c1:b3:fb:fe:2b:f5:89:24:86:b4:b0:8f:af: 8d:c7:06:92:aa:76:6b:f8:6b:5c:45:5f:21:41:a8:e0:41:00: f7:57:51:55:88:f9:0f:cc:2b:7d:c0:b0:99:65:d4:f4:56:e0: 39:3b:bf:45:db:f1:4a:80:7a:d5:2e:1c:0f:ac:9b:02:ac:28: 70:19:6d:ba:36:c7:56:0b:7e:96:ea:55:ae:e3:f0:5c:2a:10: f4:7e:ea:60:48:63:9e:04:26:d2:92:76:d7:f2:9a:3a:8e:5a: 20:aa:69:20:d9:25:ec:f5:3d:91:c3:84:fb:8c:50:bf:93:47: ff:9a:3e:1a:f2:da:9e:36:f2:3f:81:a8:cc:d5:23:19:ad:b3: ee:e2:87:ca:3f:10:3f:9c:bf:72:bd:9c:c8:73:56:28:1f:75: fb:f5:10:16:37:6f:ce:b7:56:68:49:e5:8b:24:9c:02:63:67: bb:e0:7c:7b:06:f1:82:1a:59:21:06:d9:9f:8d:e4:4e:e6:25: cf:96:40:9a:39:69:8b:7e:70:aa:df:93:40:66:e8:8e:3b:52: c6:58:2a:ad:54:a6:1d:a2:e6:b6:0a:1d:c3:9c:92:b1:c6:2b: 7d:30:3a:42:36:57:4a:9e:d9:b0:75:05:9d:19:4b:cf:eb:8d: 9a:61:0a:b7-----BEGIN CERTIFICATE-----MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBqMQswCQYDVQQGEwJDTjEQMA4GA1UECAwHYmVpamluZzEQMA4GA1UEBwwHaGFpZGlhbjESMBAGA1UECgwJaWF2MTguY29tMQwwCgYDVQQLDANvcHQxFTATBgNVBAMMDGNhLmlhdjE4LmNvbTAeFw0xNzA5MDkxNjMxMTRaFw0xODA5MDkxNjMxMTRaMG0xCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdiZWlqaW5nMRAwDgYDVQQHDAdjYW95YW5nMRIwEAYDVQQKDAlpYXYxOC5jb20xDDAKBgNVBAsMA29wdDEYMBYGA1UEAwwPd3d3LmloYWl5dW4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ix1Gd0TohSsnS4jWUMePmhAKw+YpBAjnWJeu69R5vL/pjqH33ynBTN8FoZda8fGGbtxLB4KPRNha65HWwizZsdgRF0U2eBQZCZAJD+iS2qhGeZvXHYefoGRt8qXZlDcQEsvPdMbuCZ5TQBp2YxRPiQ2FBQzooZX7XBsUrgKwlpRmzZbM3J5zRMdpBNkWyBGBKJi6AvpBl8EtDq5FbAU9aFdKTpxnLtbtXp3xXL8uXnp3weRbN9gskFya50sVLU13ITepBuAFUgWQMJClbv/DtBmIgFOAjBkUxN6dV03WFDfM+dy8pdmrJDtInOErIjH3Q4chs4Yvy/+sMRCu6mxqQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUxtyMacFf0lPT9HTXrk8Njk5dOxMwHwYDVR0jBBgwFoAUWHauJyHLf/9/vLe6MXLivxKveGowDQYJKoZIhvcNAQELBQADggEBAJoSapL3wbP7/iv1iSSGtLCPr43HBpKqdmv4a1xFXyFBqOBBAPdXUVWI+Q/MK33AsJll1PRW4Dk7v0Xb8UqAetUuHA+smwKsKHAZbbo2x1YLfpbqVa7j8FwqEPR+6mBIY54EJtKSdtfymjqOWiCqaSDZJez1PZHDhPuMUL+TR/+aPhry2p428j+BqMzVIxmts+7ih8o/ED+cv3K9nMhzVigfdfv1EBY3b863VmhJ5YsknAJjZ7vgfHsG8YIaWSEG2Z+N5E7mJc+WQJo5aYt+cKrfk0Bm6I47UsZYKq1Uph2i5rYKHcOckrHGK30wOkI2V0qe2bB1BZ0ZS8/rjZphCrc=-----END CERTIFICATE-----
吊销证书
1. 在客户端获取要吊销的证书的serial
openssl x509 -in /PATH/FROM/CERT_FILE -noout -serial -subject
[root@centos6 ~]# openssl x509 -in /etc/pki/tls/certs/test.crt -noout -serial -subjectserial=01subject= /C=CN/ST=beijing/L=caoyang/O=iav18.com/OU=opt/CN=www.ihaiyun.com
2. 在CA上,根据客户提交的serial
与subject
信息,对比检验是否与index.txt
文件中的信息一致,吊销证书:
openssl ca -revoke /etc/pki/CA/newcerts/SERIAL.pem
[root@centos7 CA]# openssl ca -revoke /etc/pki/CA/newcerts/01.pem Using configuration from /etc/pki/tls/openssl.cnfRevoking Certificate 01.Data Base Updated
3. 指定第一个吊销证书的编号
注意:第一次更新证书吊销列表前,才需要执行
echo 01 > /etc/pki/CA/crlnumber
[root@centos7 CA]# echo 01 > /etc/pki/CA/crlnumber
4. 更新证书吊销列表
更新证书吊销列
openssl ca -gencrl -out /etc/pki/CA/crl/crl.pem
查看crl文件:
openssl crl -in /etc/pki/CA/crl/crl.pem -noout -text
[root@centos7 CA]# openssl ca -gencrl -out /etc/pki/CA/crl/crl.pem #<==更新证书吊销列表Using configuration from /etc/pki/tls/openssl.cnf[root@centos7 CA]# openssl crl -in /etc/pki/CA/crl/crl.pem -noout -text #<==查看crl文件Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: /C=CN/ST=beijing/L=haidian/O=iav18.com/OU=opt/CN=ca.iav18.com Last Update: Sep 9 17:10:46 2017 GMT Next Update: Oct 9 17:10:46 2017 GMT CRL extensions: X509v3 CRL Number: 1Revoked Certificates: Serial Number: 01 Revocation Date: Sep 9 17:07:32 2017 GMT Signature Algorithm: sha256WithRSAEncryption 0c:64:a1:42:af:0d:e0:32:f3:3c:29:80:bb:cf:a3:10:dc:e4: b5:61:f1:8c:c0:a2:8d:92:03:82:83:0a:b2:5f:e7:37:a1:7d: e2:e9:a7:3c:4b:95:e3:0e:57:b7:f3:af:cf:ba:7c:ce:e6:a5: be:cc:78:cb:2b:3e:73:a7:0e:c8:d8:f7:a5:5b:5b:61:70:fe: 94:1a:41:6f:cb:fb:29:5d:04:56:e4:a1:44:85:d9:69:56:a5: 01:2e:a1:f8:35:97:e3:ba:91:31:ab:e3:9b:f7:e2:34:03:3b: 9e:b7:19:8c:96:cd:89:e7:47:42:49:5b:8e:24:e6:10:d5:4b: e6:8d:c2:73:42:e5:eb:a9:87:6b:20:52:66:47:f4:55:2b:09: 78:a6:d0:17:0d:39:d2:6b:4e:c4:d4:61:98:31:28:19:d3:b7: c1:3f:08:09:2b:61:b7:87:a3:f4:4a:10:fa:59:e8:6f:06:db: 8d:89:7c:10:29:fc:bc:37:52:4b:35:48:1c:4d:af:a9:fd:f2: 38:69:d7:e0:4f:45:98:61:f8:03:cf:ca:a5:8e:3b:f2:ca:0d: d7:b0:de:81:ec:65:8f:39:41:1d:f1:98:46:6a:a9:3d:7e:72: b1:13:4d:fd:e6:a8:20:57:06:e7:51:98:dd:e1:a1:49:95:5c: 9c:ce:10:0f
- openssl证书请求和自签名
- openssl req 证书请求及自签名证书
- openssl req 证书请求及自签名证书
- openssl自签名根证书服务端和客户端证书制作
- 用openssl自签名证书
- openssl自签名的证书
- openssl创建自签名证书
- openssl创建自签名证书
- OpenSSL生成自签名证书
- openssl生成自签名证书
- openssl 生成自签名证书
- 通过Easyrsa和Openssl制作自签名证书
- 使用 Openssl 验证自签名证书
- 使用 Openssl 验证自签名证书
- 转载记录一下,openssl自签名证书
- 用OpenSSL做自签名的证书
- centos6 openssl生成自签名证书
- CentOS通过OpenSSL生成自签名证书
- 数据结构之栈的应用(2)回文序列
- 1016划拳(模拟)
- 转盘红包的学习记录
- ids for this class must be manually assigned before calling save():
- Error:A problem occurred configuring project ':app'.
- openssl证书请求和自签名
- 657. Judge Route Circle
- React Native 字符串加密 base64
- 图像处理--颜色变换
- 在Eclipse中如何关联源代码
- 很多friend,j2ee的web项目搞了这么多年,为什么从来没用到过多线程?自己从来没有动手自己写过多线程?
- 陌陌面试
- 使用express+mockjs搭建服务器和模拟数据
- ubuntu下cpu数,核心数,线程数的关系