Certificate creation builds on encryption algorithms; for background see http://yunweigou.blog.51cto.com/6299641/1637108
Preface: HTTP sends the data exchanged between the two communicating parties in clear text, so other hosts on the network can easily steal or tamper with it, and the protocol provides no security protection for the data. SSL exists to ensure the confidentiality and integrity of that data.
SSL: Secure Sockets Layer
It can be understood as a half layer between the transport layer and the application layer that encrypts and decrypts data.
It is a protocol for securely exchanging information between a Web browser and a Web server, providing two basic security services: authentication and confidentiality.
For more details, please see http://fr.wikipedia.org/wiki/SSL
Generate a private key:
# openssl genrsa -out testkey 2048
A private key should generally be readable and writable only by its owner, so its permissions must be changed:
# chmod 600 testkey
The two steps can be combined into:
# (umask 077; openssl genrsa -out testkey 2048)
The parentheses cannot be omitted: they run the commands in a child shell process, so the umask change applies only there.
To create a private CA using OpenSSL:
Initiate a certificate signing request and self-sign the certificate
-new: generate a new certificate signing request
-key: path to the private key file, from which the public key is extracted
-days #: certificate validity period, in days
-out: where to save the output file (the certificate)
-x509: output a self-signed certificate directly; usually used only when building a CA
This completes the CA build. Each communicating party can now request a certificate from that CA.
For more details, refer to the /etc/pki/tls/openssl.cnf file (you need to create the new auxiliary files, as below)
Provide the necessary auxiliary files
Note: this is shown as an example of an error. The signing command itself is fine; the problem is that the region of the requester and the region of the CA being asked to sign are inconsistent.
The error begins with the certificate signing request that was built; the corrected version is as follows:
At this point, the certificate has been signed! The output is quite pleasant to look at, isn't it?
You will see the changes to the auxiliary files as follows:
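The whole procedure above as one script, added here as an example (it is not the original post's commands, whose screenshots did not survive): build the CA, create the auxiliary files, sign one request whose region matches the CA and watch one with a different region be refused. Assumptions: a minimal config written to a temporary directory instead of the system openssl.cnf, constructed subject names under example.test, and a "match" policy on stateOrProvinceName (as in the stock policy_match section) as the cause of the region error.

```shell
#!/bin/sh
# Added example: private CA in a scratch directory; every name below is constructed.
CA_DIR=$(mktemp -d)

ca_init() {
    mkdir -p "$CA_DIR/certs" "$CA_DIR/private"
    : > "$CA_DIR/index.txt"        # auxiliary file: database of issued certificates
    echo 01 > "$CA_DIR/serial"     # auxiliary file: next serial number to assign
    cat > "$CA_DIR/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $CA_DIR/index.txt
serial = $CA_DIR/serial
new_certs_dir = $CA_DIR/certs
certificate = $CA_DIR/cacert.pem
private_key = $CA_DIR/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
countryName = Country
EOF
    # The subshell keeps umask 077 from leaking into the rest of the script.
    (umask 077; openssl genrsa -out "$CA_DIR/private/cakey.pem" 2048) 2>/dev/null
    openssl req -new -x509 -config "$CA_DIR/ca.cnf" -days 3650 \
        -key "$CA_DIR/private/cakey.pem" -out "$CA_DIR/cacert.pem" \
        -subj "/C=CN/ST=Beijing/O=Example/CN=ca.example.test"
}

# sign_request NAME STATE: key + CSR for NAME in region STATE, then CA signing.
sign_request() {
    (umask 077; openssl genrsa -out "$CA_DIR/$1.key" 2048) 2>/dev/null
    openssl req -new -config "$CA_DIR/ca.cnf" -key "$CA_DIR/$1.key" \
        -subj "/C=CN/ST=$2/O=Example/CN=$1.example.test" -out "$CA_DIR/$1.csr"
    openssl ca -batch -config "$CA_DIR/ca.cnf" -in "$CA_DIR/$1.csr" \
        -out "$CA_DIR/$1.crt" 2>/dev/null
}

ca_init
sign_request www Beijing && echo "www: signed, next serial $(cat "$CA_DIR/serial")"
sign_request bad Shanghai || echo "bad: rejected, ST differs from the CA's"
```

Only the successful request advances the serial file and adds a line to index.txt. The stock openssl.cnf also sets certificate extensions such as basicConstraints, which this minimal config leaves out.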
That's all.
This article is from the "Ops Dog" blog; please keep this source link: http://yunweigou.blog.51cto.com/6299641/1641244
The Linux OpenSSL tool creates a private CA