【openssl学习笔记】SSL Server Cert制作
来源:互联网 发布:数据部经理职责 编辑:程序博客网 时间:2024/05/19 12:12
openssl.cfg配置:
Key Usage
Key usage is a multi valued extension consisting of a list of names of the permitted key usages.
The supporte names are: digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly and decipherOnly.
Examples:
keyUsage=digitalSignature, nonRepudiation
keyUsage=critical, keyCertSign
Extended Key Usage
This extensions consists of a list of usages indicating purposes for which the certificate public key can be used for,
These can either be object short names of the dotted numerical form of OIDs. While any OID can be used only certain values make sense. In particular the following PKIX, NS and MS values are meaningful:
Value Meaning ----- ------- serverAuth SSL/TLS Web Server Authentication. clientAuth SSL/TLS Web Client Authentication. codeSigning Code signing. emailProtection E-mail Protection (S/MIME). timeStamping Trusted Timestamping msCodeInd Microsoft Individual Code Signing (authenticode) msCodeCom Microsoft Commercial Code Signing (authenticode) msCTLSign Microsoft Trust List Signing msSGC Microsoft Server Gated Crypto msEFS Microsoft Encrypted File System nsSGC Netscape Server Gated Crypto
Examples:
extendedKeyUsage=critical,codeSigning,1.2.3.4 extendedKeyUsage=nsSGC,msSGC
证书制作步骤:
1、生成自签名CA证书
openssl req -new -x509 -keyout ca.pem -out ca.crt -config openssl.cfg
2、生成ssl server key
openssl genrsa -aes256 -out server.pem -rand openssl.cfg 2048
3、生成ssl server cert csr
openssl req -new -key server.pem -config openssl.cfg -out server.csr
4、生成ssl server cert
openssl ca -in server.csr -out server.crt -config openssl.cfg
5、转换带pass的private key为不带pass的private key
openssl rsa -in server.pem -out server-no.pem
- 【openssl学习笔记】SSL Server Cert制作
- SSL Server cert and client no cert
- 【WCF学习笔记】Cert Configuration
- 制作SSL证书-openssl命令
- SSL/OPENSSL笔记
- Simple SSL cert - HOWTO
- 用openssl为apache制作ssl证书
- 用openssl为apache制作ssl证书
- openssl 学习之SSL/TLS
- openssl 学习之SSL/TLS
- openssl代码学习记录-SSL
- 记openssl 制作流程笔记
- weblogic https openssl制作证书及服务器ssl配置
- https server with openssl 笔记
- openssl学习笔记
- OpenSSL学习笔记-简介
- Howto: Make Your Own Cert With OpenSSL
- 【Nova】nova-cert学习
- 如果让我完善几年前的一个项目,我会做哪些改进?
- java+ztree实现拖拽保存
- 有关 freetype 字体显示
- 修改Eclipse默认编码格式
- Flex实例【Shangle.net】解析【一】
- 【openssl学习笔记】SSL Server Cert制作
- C#线程开发:winform简单的C#线程开发实例
- pring 3.0 注解注入讲解二
- windows下 cmd 添加设置任务计划
- css怎么控制文字与文字之间的距离
- 亲自动手~用VC++做DLL
- JVM options
- cocos2d-x hellolua 输出log
- 使用gradlew 编译出现permisson denied的情况