1. Install OpenSSL
tar zxvf openssl-1.0.0a.tar.gz
cd openssl-1.0.0a
./config --prefix=/usr/local/openssl
make && make install
2. Install Apache
tar zxvf httpd-2.2.16.tar.gz
cd httpd-2.2.16
./configure --prefix=/usr/local/apache --enable-ssl --enable-rewrite --enable-so --with-ssl=/usr/local/openssl
make && make install
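If you install with a package manager such as yum install, apt-get or pacman, you can skip the two steps above.
3. Create the CA (root) certificate
Create a directory named ssl under /usr/local/apache/conf/
3.1 mkdir ssl
3.2 cp /<openssl install directory>/ssl/misc/CA.sh /usr/local/apache/conf/ssl/
3.3 Use CA.sh to create the certificate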
[root@BlackGhost ssl]# ./CA.sh -newca    // create the CA certificate
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
............++++++
......++++++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
Verify failure
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:cn
Locality Name (eg, city) []:cn
Organization Name (eg, company) [Internet Widgits Pty Ltd]:cn
Organizational Unit Name (eg, section) []:cn
Common Name (eg, YOUR name) []:localhost
Email Address []:xtaying@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:******************
An optional company name []:
Using configuration from /etc/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/./cakey.pem:    // enter the PEM pass phrase set above
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number:
            89:11:9f:a6:ca:03:63:ab
        Validity
            Not Before: Aug 7 12:35:28 2010 GMT
            Not After : Aug 6 12:35:28 2013 GMT
        Subject:
            countryName = cn
            stateOrProvinceName = cn
            organizationName = cn
            organizationalUnitName = cn
            commonName = localhost
            emailAddress = xtaying@gmail.com

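The transcript above shows CA.sh generating a 1024 bit RSA key for the CA. The following check is an added example, not part of the original post: it reads either a CA.sh transcript or the output of openssl x509 -noout -text and flags RSA keys below a minimum size and MD5/SHA-1 signatures. The function names and the 2048-bit MIN_RSA_BITS threshold are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: flag weak RSA key sizes and signature hashes in OpenSSL text.
# MIN_RSA_BITS is an assumed policy threshold, not a value from the page.
MIN_RSA_BITS=${MIN_RSA_BITS:-2048}

# Reads stdin: `openssl x509 -noout -text` output or a CA.sh transcript.
# Returns 0 if nothing weak, 1 if weak, 2 if no RSA key size was found.
audit_openssl_text() {
    awk -v min="$MIN_RSA_BITS" '
        # Transcript form: "Generating a 1024 bit RSA private key"
        /Generating a [0-9]+ bit RSA private key/ {
            for (i = 2; i <= NF; i++) if ($i == "bit") bits = $(i - 1)
        }
        /Public Key Algorithm:/ { alg = $NF }
        # Certificate form: "Public-Key: (2048 bit)", RSA keys only
        /Public-Key: \([0-9]+ bit\)/ && alg == "rsaEncryption" {
            s = $0; sub(/.*\(/, "", s); sub(/ bit.*/, "", s); bits = s
        }
        /Signature Algorithm:/ { sig = $NF }
        END {
            if (bits == "") { print "UNKNOWN: no RSA key size found"; exit 2 }
            rc = 0
            if (bits + 0 < min + 0) {
                print "WEAK: RSA key is " bits " bits (minimum " min ")"; rc = 1
            } else print "OK: RSA key is " bits " bits"
            if (tolower(sig) ~ /^(md5|sha1)with/) {
                print "WEAK: signature algorithm " sig; rc = 1
            } else if (sig != "") print "OK: signature algorithm " sig
            exit rc
        }'
}

# Key-generation line copied from the CA.sh transcript above.
transcript_line() { printf '%s\n' "Generating a 1024 bit RSA private key"; }

# Constructed excerpt in the layout `openssl x509 -noout -text` prints.
constructed_cert_text() {
    cat <<'EOF'
    Signature Algorithm: sha256WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
EOF
}

transcript_line | audit_openssl_text || echo "CA key is below policy"
constructed_cert_text | audit_openssl_text
```

To check the certificate CA.sh actually wrote, pipe openssl x509 -in demoCA/cacert.pem -noout -text into audit_openssl_text.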