OpenSSL generates an HTTPS certificate (GO)

Source: Internet
Author: User
Tags modulus openssl rsa openssl x509 pkcs12

1. First, generate the server-side private key (key file):
openssl genrsa -des3 -out server.key 1024
The command prompts for a password, which is used to encrypt the key file.
Command to remove the key file password:
openssl rsa -in server.key -out server.key

2. Generate the Certificate Signing Request (CSR):
openssl req -new -key server.key -out server.csr -config openssl.cfg
The resulting CSR file is handed to the CA, which signs it to produce your certificate. The command prompts for the required identity information step by step; follow its instructions.

3. Use the same commands to generate the key and CSR files for the client:
openssl genrsa -des3 -out client.key 1024
openssl req -new -key client.key -out client.csr -config openssl.cfg

4. CSR files must be signed by a CA to form a certificate. You can send the file to VeriSign or a similar authority to have it verified, or create your own CA:
openssl req -new -x509 -keyout ca.key -out ca.crt -config openssl.cfg

5. Sign the server.csr and client.csr files you just generated with the CA certificate you created:
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cfg
openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key -config openssl.cfg

PS: If signing reports an error such as a failure to update the database, change the contents of the index.txt.attr file to unique_subject = no.

Note: You may see this error:
Using configuration from /usr/share/ssl/openssl.cfg
I am unable to access the ./demoCA/newcerts directory
./demoCA/newcerts: No such file or directory
WORKAROUND:
1). mkdir -p ./demoCA/newcerts
2). touch demoCA/index.txt
3). touch demoCA/serial
4). echo 01 > demoCA/serial

6. Merge the certificate file (crt) and the private key file (key)

1). cat client.crt client.key > client.pem

2). cat server.crt server.key > server.pem

7. Merge into a PFX certificate

1). openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
2). openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12

8. Export the certificate as text

1). openssl pkcs12 -in client.p12 -out client.txt

2). openssl pkcs12 -in server.p12 -out server.txt

9. Display on screen (certificate, private key, public key)

1). openssl x509 -in client.crt -noout -text -modulus

2). openssl rsa -in server.key -noout -text -modulus

3). openssl rsa -pubin -in server.pub -noout -text -modulus

10. Generate DH parameters

1). openssl dhparam -out dh1024.pem 1024
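
Added example (not part of the original article): a shell script that uses the -modulus output from step 9 to confirm that a certificate and a private key belong together, checks that the certificate verifies against the ca.crt from step 4, and flags RSA keys below 2048 bits. The function names, the KEY_PASS variable and the 2048-bit threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. Arguments are file names.
MIN_RSA_BITS=2048  # assumption: minimum accepted here; the article's 1024-bit keys fail it

# Succeed only if certificate and private key share one RSA modulus (step 9).
# KEY_PASS (hypothetical variable) supplies the passphrase of an encrypted key.
key_matches_cert() {   # $1=cert $2=key
    cert_mod=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 2
    key_mod=$(KEY_PASS="${KEY_PASS-}" openssl rsa -in "$2" -noout -modulus \
              -passin env:KEY_PASS 2>/dev/null) || return 2
    # An empty modulus means a file could not be parsed: never treat as a match.
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Print the public key size in bits as shown by `openssl x509 -text`.
cert_bits() {   # $1=cert
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed if the certificate verifies against the CA certificate.
# The output is matched because old OpenSSL releases exit 0 even on failure.
chains_to_ca() {   # $1=CA cert $2=cert
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Run all checks, print one line per finding, return non-zero on any failure.
check_pair() {   # $1=CA cert $2=cert $3=key
    rc=0
    key_matches_cert "$2" "$3" || { echo "FAIL: $3 does not match $2"; rc=1; }
    chains_to_ca "$1" "$2" || { echo "FAIL: $2 does not verify against $1"; rc=1; }
    bits=$(cert_bits "$2")
    if [ "${bits:-0}" -lt "$MIN_RSA_BITS" ]; then
        echo "FAIL: $2 has a ${bits:-unknown}-bit key (minimum $MIN_RSA_BITS)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $2"
    return "$rc"
}

# Usage: sh check.sh ca.crt server.crt server.key
if [ "$#" -eq 3 ]; then
    check_pair "$@"
fi
```

Run it on the server and client pairs before Apache is started; a mismatched key and certificate otherwise only shows up as a startup failure.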


(8) Edit the Apache configuration file httpd.cfg
Enable the module: LoadModule ssl_module modules/mod_ssl.so
Uncomment the following Include statement:
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.cfg
#
(9) Edit conf/extra/httpd-ssl.cfg

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key
SSLCertificateChainFile conf/ssl/ca.crt
</VirtualHost>

cd /usr/local/apache/conf
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr -config /usr/local/ssl/openssl.cfg
openssl req -new -x509 -keyout ca.key -out ca.crt -config /usr/local/ssl/openssl.cfg
mkdir -p ./demoCA/newcerts
touch demoCA/index.txt
touch demoCA/serial
echo 01 > demoCA/serial
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config /usr/local/ssl/openssl.cfg
bin/apachectl start
