Alibabacloud.com offers a wide variety of articles about openssl create server certificate, easily find your openssl create server certificate information here online.
any directory, any folder name
/home/gouxu/gx/key/ 2. Go to the newly created folder key
cd/home/gouxu/gx/key/ 3. Generate CA Private key
OpenSSL genrsa-out Ca.key 2048
Parameter description:
GENRSA: Generate RSA secret key;
The key file generated by-out Ca.key is Ca.key;
2048: Secret key length is 2048. 4. Generating a CA's certificate with the CA private key
OpenSSL
1. After OpenSSL is installed, find OpenSSL. CnF in the/usr/lib/SSL directory (for Ubuntu system, use whereis to check the SSL directory) and copy it to the working directory.
2. Create a New democafolder under the Work directory, create the new files index.txt and serial in the folder, and then
First, you need to understand some basic concepts before installing
1. Certificates used by SSL can be self-generated or signed by a commercial ca such as Verisign or thawte.
2. Certificate concept: First, you must have a root certificate, and then use the root certificate to issue the server
first create a private on the other host CaIf I were to open a different virtual machine now,Log inOne, surviving a pair of keys (the private key and the public key, the public key can be extracted in the private key so that the private key is created)[[Email protected] ~] #cd/ETC/PKI/CA[[Email protected] ca]# (umask 077; opensslgenrsa–out PRIVATE/CAKEY.PEM 2048)second, the generation CA 's Certificate[emai
From: http://blog.csdn.net/aking21alinjuju/article/details/7654097
I. Generate a CA certificate
Currently, the CA of a third-party authority is not used for authentication and serves as the CA.
Prerequisites: Download www.openssl.org from the OpenSSL official website to install OpenSSL [Windows and Linux are different]
Start generating certificates and keys
If no
command in openssl, and call it a certificate request:
# Openssl req-new-x509-key private/cakey. pem-out cacert. pem-days 3650Create two files in the CA Directory:# Touch index.txt serial
OK, the CA certificate is available, and the next step is to sign the certificate for
Use openssl in linux to generate a csrcrchloroform Certificate
This article mainly draws on and references the content of the following two addresses, then tests and runs on the machine, and makes the following records.
Create the test directory mkdir/tmp/create_key/ca cd/tmp/create_key/
Certificate file generation:
I.
completed, you can use the certificate and private key to generate a PFX format certificate to Microsoft, the command is as follows:OpenSSL pkcs12-export-clcerts-in/home/lengshan/server. CRT -inkey/home/lengshan/server. Key -out/ Home/lengshan/server.p125. Issue Client Authentication
need to add this certificate to the keychain, of course you can double-click the Aps_development.cer file and you will find it associated with the private key.To create a PEM file to your current location, you have three files:CSR filePUSHCHATKEY.P12 private Key FileSSL Certificate (Aps_development.cer)Save these three files well. You can throw the CSR away, but
generated above to generate a digital certificate cacert. pem
For the cacert. pem generation process, see "create your own CA through OpenSSL"
With the privkey. pem and cacert. pem files, you can use them in your own program, such as a server that implements encrypted communication.
-------------
Establish your own CA
0. EnvironmentInstallation of Nginx, installation of OpenSSL1. Configuration and scriptingFirst create a demo directory (the location of their own choice, I choose to build in the Nginx directory):mkdir /etc/nginx/ca-/etc/nginx/ca-demoModify the SSL configuration openssl.cnf (also may be openssl.conf, do not know where to find with FIND-NAME/OPENSSL.CNF)Change the Dir property to your previous step self-built directory, do not use relative path , will
have to use OpenSSL for CA. However, although the OpenSSL user interface is prohibitive, its function is probably the most complete one of the various FOSS products. In addition, it is easy to obtain and can be directly used in Debian.Aptitude install OpenSSL can be installed. If Win32 is used, it can be conveniently obtained from the official cygwin image websi
I. Introduction of OpenSSL
OpenSSL is currently the most popular SSL cipher library tool that provides a common, robust, and fully functional suite of tools to support the implementation of the SSL/TLS protocol.Official website: https://www.openssl.org/source/ component cipher algorithm library key and certificate encapsulation management function SSL Communicati
certificate cacert. pem
For the cacert. pem generation process, see"Establish your own ca using OpenSSL"
With the privkey. PEM and cacert. pem files, you can use them in your own program, such as a server that implements encrypted communication.-------------OpenSSLCreate your ownCA
(1) Prepare the environment
First, you need to prepare a directory for stori
certificate is. 1. After OpenSSL is installed, find OpenSSL. CnF in the/usr/lib/SSL directory (for Ubuntu system, use whereis to check the SSL directory) and copy it to the working directory. 2. Create a New democafolder under the Work directory, create the new files in
Create a Test Catalog mkdir/tmp/create_key/cacd/tmp/create_key/ certificate file Generation : One. Server-side 1. Generate the server-side private key (key file): OpenSSL genrsa-des3-out Server.key 1024 The runtime prompts for a password, which is used to encrypt the key fi
certificate request, which is only used for Import
P7bDisplay the certificate chain in a tree(CertificateChain)And a single certificate, excluding the private key.
1. caCertificate
Use OpenSSL Create CA Certificate RSA
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.