Certificate-related commands (personal retention)

OpenSSL genrsa-des3-out ca1.key 2048 Generate user key

OpenSSL rsa-in ca1.key-out ca1.key remove Key's password

OpenSSL req-new-key ca1.key-out ca1.csr-config openssl.cnf generate CSR file

OpenSSL ca-in user1.csr-out user1.crt-cert ca0.crt-keyfile ca0.key-config openssl.cnf signing CSR file

OpenSSL req-new-x509-keyout ca1_0.key-out ca1_0.crt-config openssl.cnf self-generated root certificate

OpenSSL Ca-revoke Ca1_1.crt

OpenSSL ca-gencrl-out ca1_1crl

OpenSSL pkcs12-in root.pfx-nodes-out Root.pem # Generate clear Text all content

OpenSSL rsa-in root.pem-out root.key # Fetch key file

OpenSSL x509-in root.pem-out ROOT.CRT # Fetch Certificate

OpenSSL pkcs12-export-inkey root.key-in root.crt-out root.pfx #合成pfx格式

The. CER/.CRT is used for storing certificates, which are stored in 2 binary form and do not contain private keys.

The difference between a. Pem and a crt/cer is that it is expressed in ASCII.

PFX/P12 is used to store personal certificates/private keys, he usually contains protection password, 2 binary mode

P10 is a certificate request

P7R is the CA's response to a certificate request and is used only for import

P7B the certificate chain (certificate chain) in a tree form, and also supports a single certificate with no private key

Basicconstraints=critical,ca:true, pathlen:20

Mount-t Cifs-o Username=administrator//192.168.0.11/share/mnt

This article from "Ding classmate 1990" blog, reproduced please contact the author!

Certificate-related commands (personal retention)