Https, OpenSSL self-built CA certificate and issuing certificate, Nginx one-way authentication, two-way authentication and using Java access

Source: Internet
Author: User
Tags create directory

0. Environment

Installation of Nginx, installation of OpenSSL

1. Configuration and scripting

First create a demo directory (the location of their own choice, I choose to build in the Nginx directory):

mkdir /etc/nginx/ca-/etc/nginx/ca-demo

Modify the SSL configuration openssl.cnf (also may be openssl.conf, do not know where to find with FIND-NAME/OPENSSL.CNF)

Change the Dir property to your previous step self-built directory, do not use relative path , will trample pits, save,

I like automation, so I wrote three scripts like this, and I can use them directly:

Ca.sh:

#!/bin/bash#create directory hierarchy. Creating a Catalog StructureTouchindex.txt Serialchmod 666index.txt SerialEcho  on>Serialmkdir-P Newcerts Private
#生成RSA密钥对openssl Genrsa-des3-out./private/cakey.pem2048#openssl req-new-days365-key./PRIVATE/CAKEY.PEM-Out Ca.csr#openssl CA-selfsign-inchCA.CSR-Out ca.crt# one step. Build Csr,crt, direct 10-year use OpenSSL req-new-x509-days3650-key./private/cakey.pem-out CA.CRT

Server.sh:

#!/bin/bash# issues a server certificate mkdir-out./server/-new-key./ server/-in3650

Client.sh:

#!/bin/bash# Issue client certificate mkdir2048-new-key./client/client.key-out. client/-in"/etc/ssl/openssl.cnf"-export-clcerts-  in./client/client.crt-inkey./client/client.key-out./client/client.p12

All of the above three scripts can be found in Https://github.com/dreamingodd/CA-generation-demo

Copy the above three scripts into your own demo directory, as follows:

Join Run Permissions:

chmod +x *. SH

The results are as follows:

Not to be continued ...

To be Continued ...

Https, OpenSSL self-built CA certificate and issuing certificate, Nginx one-way authentication, two-way authentication and using Java access

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.